Executive Summary
Summary | |
---|---|
Title | Vulnerability in Task Scheduler Could Allow Elevation of Privilege (2305420) |
Informations | |||
---|---|---|---|
Name | MS10-092 | First vendor Publication | 2010-12-14 |
Vendor | Microsoft | Last vendor Modification | 2011-03-02 |
Severity (Vendor) | Important | Revision | 1.1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.2 | Attack Range | Local |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 3.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Revision Note: V1.1 (March 2, 2011): Added a link to Microsoft Knowledge Base Article 2305420 under Known Issues in the Executive Summary.Summary: This security update resolves a publicly disclosed vulnerability in Windows Task Scheduler. The vulnerability could allow elevation of privilege if an attacker logged on to an affected system and ran a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users. |
Original Source
Url : http://www.microsoft.com/technet/security/bulletin/MS10-092.mspx |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-20 | Improper Input Validation |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:12304 | |||
Oval ID: | oval:org.mitre.oval:def:12304 | ||
Title: | Task Scheduler Vulnerability | ||
Description: | The Windows Task Scheduler in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly determine the security context of scheduled tasks, which allows local users to gain privileges via a crafted application, aka "Task Scheduler Vulnerability." NOTE: this might overlap CVE-2010-3888. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3338 | Version: | 8 |
Platform(s): | Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
ExploitDB Exploits
id | Description |
---|---|
2012-07-19 | Windows Escalate Task Scheduler XML Privilege Escalation |
OpenVAS Exploits
Date | Description |
---|---|
2010-12-15 | Name : Microsoft Windows Task Scheduler Elevation of Privilege Vulnerability (2305420) File : nvt/secpod_ms10-092.nasl |
2010-12-15 | Name : Consent User Interface Privilege Escalation Vulnerability (2442962) File : nvt/secpod_ms10-100.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
68518 | Microsoft Windows on 32-bit Task Scheduler Crafted Application Local Privileg... Microsoft Windows contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is caused due to the Windows Task Scheduler failing to properly determine certain scheduled tasks' security context. This may be exploited by malicious, local, context-dependent attackers to gain escalated privileges via a crafted application. |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2010-12-16 | IAVM : 2010-B-0110 - Microsoft Task Scheduler Elevation of Privilege Vulnerability Severity : Category II - VMSKEY : V0025862 |
Metasploit Database
id | Description |
---|---|
2020-02-08 | Windows Gather Applied Patches |
2010-09-13 | Windows Escalate Task Scheduler XML Privilege Escalation |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2010-12-15 | Name : A privilege escalation vulnerability exists in Windows Task Scheduler. File : smb_nt_ms10-092.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2020-05-23 13:17:13 |
|
2016-03-13 21:24:03 |
|
2016-03-09 21:24:45 |
|
2016-03-09 17:23:36 |
|
2014-11-14 13:24:29 |
|
2014-02-17 11:46:46 |
|
2013-11-11 12:41:19 |
|