Vulnerability CVE-2010-1890

Vulnerability CVE-2010-1890

Published: 2010-08-11 Modified: 2012-02-13

Description:

The kernel in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate ACLs on kernel objects, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Improper Validation Vulnerability."

See advisories in our WLB2 database:

	Topic	Author	Date
Low	Microsoft Windows Missed ACE Bounds Checks (MS10-047)	Tavis Ormandy	18.08.2010

Type:

CWE-20

(Improper Input Validation)

CVSS2 => (AV:L/AC:L/Au:S/C:N/I:N/A:C)

CVSS Base Score	Impact Subscore	Exploitability Subscore
4.6/10	6.9/10	3.1/10

Exploit range	Attack complexity	Authentication
Local	Low	Single time
Confidentiality impact	Integrity impact	Availability impact
None	None	Complete

Affected software
Microsoft -> Windows 7
Microsoft -> Windows server 2008
Microsoft -> Windows vista

References:

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-047

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11789

Copyright 2024, cxsecurity.com