ID CVE-2010-0236
Summary The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold does not properly allocate memory for the destination key associated with a symbolic-link registry key, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Allocation Vulnerability."
References
Vulnerable Configurations
  • Microsoft Windows 2000 Service Pack 4
    cpe:2.3:o:microsoft:windows_2000:-:sp4
  • Microsoft Windows XP Service Pack 2
    cpe:2.3:o:microsoft:windows_xp:-:sp2
  • Microsoft Windows XP Service Pack 3
    cpe:2.3:o:microsoft:windows_xp:-:sp3
  • Microsoft Windows XP Service Pack 2 x64 (64-bit)
    cpe:2.3:o:microsoft:windows_xp:-:sp2:x64
  • Microsoft Windows 2003 Server Service Pack 2
    cpe:2.3:o:microsoft:windows_2003_server:-:sp2
  • Microsoft Windows 2003 Server Service Pack 2 Itanium
    cpe:2.3:o:microsoft:windows_2003_server:-:sp2:itanium
  • Microsoft Windows Server 2003 Service Pack 2
    cpe:2.3:o:microsoft:windows_server_2003:-:sp2
  • Microsoft Windows Vista
    cpe:2.3:o:microsoft:windows_vista
  • cpe:2.3:o:microsoft:windows_vista:-:x64
    cpe:2.3:o:microsoft:windows_vista:-:x64
CVSS
Base: 7.2 (as of 15-04-2010 - 15:37)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
msbulletin via4
bulletin_id MS10-021
bulletin_url
date 2010-04-13T00:00:00
impact Elevation of Privilege
knowledgebase_id 979683
knowledgebase_url
severity Important
title Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege
nessus via4
NASL family Windows : Microsoft Bulletins
NASL id SMB_NT_MS10-021.NASL
description The remote Windows host is running a version of the Windows kernel that is affected by eight vulnerabilities : - A denial of service vulnerability exists in the Windows kernel due to the insufficient validation of registry keys passed to a Windows kernel system call. (CVE-2010-0234) - A denial of service vulnerability exists in the Windows kernel due to the manner in which the kernel processes the values of symbolic links. (CVE-2010-0235) - An elevation of privilege vulnerability exists in the Windows kernel due to the manner in which memory is allocated when extracting a symbolic link from a registry key. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. (CVE-2010-0236) - An elevation of privilege vulnerability exists when the Windows kernel does not properly restrict symbolic link creation between untrusted and trusted registry hives. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. (CVE-2010-0237) - A denial of service vulnerability exists in the way that the Windows kernel validates registry keys. (CVE-2010-0238) - A denial of service vulnerability exists in the Windows kernel due to the way that the kernel resolves the real path for a registry key from its virtual path. (CVE-2010-0481) - A denial of service vulnerability exists in the Windows kernel due to the improper validation of specially crafted image files. (CVE-2010-0482) - A denial of service vulnerability exists in the Windows kernel due to the way that the kernel handles certain exceptions. (CVE-2010-0810)
last seen 2019-02-21
modified 2018-11-15
plugin id 45508
published 2010-04-13
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=45508
title MS10-021: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (979683)
oval via4
accepted 2010-06-07T04:00:28.461-04:00
class vulnerability
contributors
name Dragos Prisaca
organization Symantec Corporation
definition_extensions
  • comment Microsoft Windows 2000 SP4 or later is installed
    oval oval:org.mitre.oval:def:229
  • comment Microsoft Windows XP (x86) SP2 is installed
    oval oval:org.mitre.oval:def:754
  • comment Microsoft Windows XP (x86) SP3 is installed
    oval oval:org.mitre.oval:def:5631
  • comment Microsoft Windows XP x64 Edition SP2 is installed
    oval oval:org.mitre.oval:def:4193
  • comment Microsoft Windows Server 2003 SP2 (x86) is installed
    oval oval:org.mitre.oval:def:1935
  • comment Microsoft Windows Server 2003 SP2 (x64) is installed
    oval oval:org.mitre.oval:def:2161
  • comment Microsoft Windows Server 2003 (ia64) SP2 is installed
    oval oval:org.mitre.oval:def:1442
  • comment Microsoft Windows Vista (32-bit) is installed
    oval oval:org.mitre.oval:def:1282
  • comment Microsoft Windows Vista x64 Edition is installed
    oval oval:org.mitre.oval:def:2041
  • comment Microsoft Windows Vista (32-bit) is installed
    oval oval:org.mitre.oval:def:1282
  • comment Microsoft Windows Vista x64 Edition is installed
    oval oval:org.mitre.oval:def:2041
description The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold does not properly allocate memory for the destination key associated with a symbolic-link registry key, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Allocation Vulnerability."
family windows
id oval:org.mitre.oval:def:7113
status accepted
submitted 2010-03-13T13:00:00
title Windows Kernel Memory Allocation Vulnerability
version 68
refmap via4
cert TA10-103A
ms MS10-021
sectrack 1023850
secunia 39373
Last major update 21-08-2010 - 00:00
Published 14-04-2010 - 12:00
Last modified 26-02-2019 - 09:04
Back to Top