Lucene search

PRIOn knowledge basePRION:CVE-2010-1896

HistoryAug 11, 2010 - 6:47 p.m.

Input validation

2010-08-1118:47:00

PRIOn knowledge base

www.prio-n.com

6.7 Medium

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0005 Low

EPSS

Percentile

15.5%

JSON

The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 do not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka “Win32k User Input Validation Vulnerability.”

CPENameOperatorVersion
windows_server_2008eq sp2itanium
windows_vistaeq- sp1
windows_xpeq sp2x64

Name	Operator	Version
windows_server_2008	eq	sp2itanium
windows_vista	eq	- sp1
windows_xp	eq	sp2x64

References

www.us-cert.gov/cas/techalerts/TA10-222A.html

docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-048

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12006

6.7 Medium

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0005 Low

EPSS

Percentile

15.5%

JSON

Related for PRION:CVE-2010-1896