Executive Summary

Summary
Title Vulnerability in Hyper
Informations
Name MS10-102 First vendor Publication 2010-12-14
Vendor Microsoft Last vendor Modification 2011-01-12
Severity (Vendor) Important Revision 1.1

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:N/I:N/A:C)
Cvss Base Score 4.9 Attack Range Local
Cvss Impact Score 6.9 Attack Complexity Low
Cvss Expoit Score 3.9 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Revision Note: V1.1 (January 12, 2011): Added an update FAQ to clarify that the update can only be installed on affected operating systems with the Hyper-V role enabled.Summary: This security update resolves a privately reported vulnerability in Windows Server 2008 Hyper-V and Windows Server 2008 R2 Hyper-V. The vulnerability could allow denial of service if a specially crafted packet is sent to the VMBus by an authenticated user in one of the guest virtual machines hosted by the Hyper-V server. An attacker must have valid logon credentials and be able to send specially crafted content from a guest virtual machine to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.

Original Source

Url : http://www.microsoft.com/technet/security/bulletin/MS10-102.mspx

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-20 Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:12359
 
Oval ID: oval:org.mitre.oval:def:12359
Title: Hyper-V VMBus Vulnerability
Description: Hyper-V in Microsoft Windows Server 2008 Gold, SP2, and R2 allows guest OS users to cause a denial of service (host OS hang) by sending a crafted encapsulated packet over the VMBus, aka "Hyper-V VMBus Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2010-3960
Version: 10
Platform(s): Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Os 3

ExploitDB Exploits

id Description
2011-06-14 MS HyperV Persistent DoS Vulnerability

Open Source Vulnerability Database (OSVDB)

Id Description
69818 Microsoft Windows Hyper-V VMBus Crafted Packet Local DoS

Microsoft Windows contains a flaw that may allow a local denial of service. The issue is triggered when a validation error when processing encapsulated packets sent to the VMBus communication channel occurs. This may allow an attacker to use a specially crafted packet to cause a loss of availability for the Hyper-V server and all guest virtual machines.

Nessus® Vulnerability Scanner

Date Description
2010-12-15 Name : The remote host has a denial of service vulnerability.
File : smb_nt_ms10-102.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 11:46:49
  • Multiple Updates