Lucene search

K
cve[email protected]CVE-2010-2554
HistoryAug 11, 2010 - 6:47 p.m.

CVE-2010-2554

2010-08-1118:47:50
CWE-264
web.nvd.nist.gov
42
cve-2010-2554
tracing feature
microsoft windows
acl vulnerability
security
nvd

CVSS2

6.8

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:S/C:C/I:C/A:C

AI Score

6.3

Confidence

Low

EPSS

0.001

Percentile

19.1%

The Tracing Feature for Services in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 has incorrect ACLs on its registry keys, which allows local users to gain privileges via vectors involving a named pipe and impersonation, aka “Tracing Registry Key ACL Vulnerability.”

Affected configurations

NVD
Node
microsoftwindows_7Match-
OR
microsoftwindows_server_2008itanium
OR
microsoftwindows_server_2008x32
OR
microsoftwindows_server_2008x64
OR
microsoftwindows_server_2008r2itanium
OR
microsoftwindows_server_2008r2x64
OR
microsoftwindows_server_2008sp2x32
OR
microsoftwindows_server_2008sp2x64
OR
microsoftwindows_server_2008Match-sp2itanium
OR
microsoftwindows_vistasp1
OR
microsoftwindows_vistasp2
OR
microsoftwindows_vistaMatch-sp1
OR
microsoftwindows_vistaMatch-sp2
VendorProductVersionCPE
microsoftwindows_server_2008cpe:/o:microsoft:windows_server_2008::r2::
microsoftwindows_server_2008cpe:/o:microsoft:windows_server_2008::::
microsoftwindows_vistacpe:/o:microsoft:windows_vista::sp1::
microsoftwindows_vista-cpe:/o:microsoft:windows_vista:-:sp1::
microsoftwindows_vista-cpe:/o:microsoft:windows_vista:-:sp2::
microsoftwindows_server_2008cpe:/o:microsoft:windows_server_2008::sp2::
microsoftwindows_server_2008-cpe:/o:microsoft:windows_server_2008:-:sp2::
microsoftwindows_7-cpe:/o:microsoft:windows_7:-:::
microsoftwindows_vistacpe:/o:microsoft:windows_vista::sp2::

CVSS2

6.8

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:S/C:C/I:C/A:C

AI Score

6.3

Confidence

Low

EPSS

0.001

Percentile

19.1%