Executive Summary
Summary | |
---|---|
Title | Vulnerabilities in Windows Kernel |
Informations | |||
---|---|---|---|
Name | MS10-098 | First vendor Publication | 2010-12-14 |
Vendor | Microsoft | Last vendor Modification | 2010-12-14 |
Severity (Vendor) | Important | Revision | 1.0 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.2 | Attack Range | Local |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 3.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Revision Note: V1.0 (December 14, 2010): Bulletin publishedSummary: This security update resolves one publicly disclosed vulnerability and several privately reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logged on locally and ran a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit these vulnerabilities. The vulnerabilities could not be exploited remotely or by anonymous users. |
Original Source
Url : http://www.microsoft.com/technet/security/bulletin/MS10-098.mspx |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
33 % | CWE-399 | Resource Management Errors |
33 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
17 % | CWE-264 | Permissions, Privileges, and Access Controls |
17 % | CWE-20 | Improper Input Validation |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:11762 | |||
Oval ID: | oval:org.mitre.oval:def:11762 | ||
Title: | Win32k WriteAV Vulnerability | ||
Description: | win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly allocate memory for copies from user mode, which allows local users to gain privileges via a crafted application, aka "Win32k WriteAV Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3942 | Version: | 10 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11959 | |||
Oval ID: | oval:org.mitre.oval:def:11959 | ||
Title: | Win32k Double Free Vulnerability | ||
Description: | Double free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold and SP2, and Windows 7 allows local users to gain privileges via a crafted application, aka "Win32k Double Free Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3941 | Version: | 8 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12184 | |||
Oval ID: | oval:org.mitre.oval:def:12184 | ||
Title: | Win32k Memory Corruption Vulnerability | ||
Description: | win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3944 | Version: | 6 |
Platform(s): | Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12194 | |||
Oval ID: | oval:org.mitre.oval:def:12194 | ||
Title: | Win32k PFE Pointer Double Free Vulnerability | ||
Description: | Double free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted application, aka "Win32k PFE Pointer Double Free Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3940 | Version: | 10 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12252 | |||
Oval ID: | oval:org.mitre.oval:def:12252 | ||
Title: | Win32k Buffer Overflow Vulnerability | ||
Description: | Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via vectors related to improper memory allocation for copies from user mode, aka "Win32k Buffer Overflow Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3939 | Version: | 10 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12317 | |||
Oval ID: | oval:org.mitre.oval:def:12317 | ||
Title: | Win32k Cursor Linking Vulnerability | ||
Description: | win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly link driver objects, which allows local users to gain privileges via a crafted application that triggers linked-list corruption, aka "Win32k Cursor Linking Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3943 | Version: | 10 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
ExploitDB Exploits
id | Description |
---|---|
2010-12-17 | Windows Win32k Pointer Dereferencement PoC (MS10-098) |
OpenVAS Exploits
Date | Description |
---|---|
2010-12-15 | Name : Windows Kernel-Mode Drivers Privilege Elevation Vulnerabilities (2436673) File : nvt/secpod_ms10-098.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
69802 | Microsoft Windows win32k.sys Cursor Linking Unspecified Local Privilege Escal... Microsoft Windows contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is triggered due to the way kernel-mode drivers manage kernel-mode driver objects. This may allow a local attacker to gain elevated privileges and execute arbitrary code in kernel mode. |
69801 | Microsoft Windows win32k.sys WriteAV Unspecified Local Privilege Escalation Microsoft Windows contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is triggered when the kernel-mode drivers improperly allocate memory when copying data from user mode. This allows a local attacker to gain elevated privileges and to execute arbitrary code in kernel mode. |
69800 | Microsoft Windows win32k.sys Unspecified Double-free Local Privilege Escalation Microsoft Windows contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is triggered whena double-free erorr in the 'win32k.sys' driver occurs when running 16-bit programs, allowing a local attacker to execute arbitrary code. |
69799 | Microsoft Windows win32k.sys PFE Pointer Double-free Local Privilege Escalation Microsoft Windows contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is triggered when a double-free error in the 'win32k.sys' driver when handling PFE objects occurs, allowing a local attacker to execute arbitrary code. |
69798 | Microsoft Windows win32k.sys Unspecified Memory Corruption Local Privilege Es... Microsoft Windows contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is triggered when the kernel-mode drivers improperly validate input passed from user mode. This can allow a local attacker to gain elevated privileges and execute arbitrary code in kernel mode. |
69797 | Microsoft Windows win32k.sys Unspecified Local Overflow Microsoft Windows contains a memory allocation error in the 'win32k.sys' driver when copying data that may allow an attacker to gain elevated privileges and execute arbitrary code in the kernel. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2010-12-15 | Name : A privilege escalation vulnerability exists in the Windows kernel. File : smb_nt_ms10-098.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:46:48 |
|