ID CVE-2010-1888
Summary Race condition in the kernel in Microsoft Windows XP SP3 allows local users to gain privileges via vectors involving thread creation, aka "Windows Kernel Data Initialization Vulnerability."
References
Vulnerable Configurations
  • Microsoft Windows XP Service Pack 3
    cpe:2.3:o:microsoft:windows_xp:-:sp3
CVSS
Base: 6.8 (as of 12-08-2010 - 13:11)
Impact:
Exploitability:
CWE CWE-362
CAPEC
  • Leveraging Race Conditions
    This attack targets a race condition occurring when multiple processes access and manipulate the same resource concurrently and the outcome of the execution depends on the particular order in which the access takes place. The attacker can leverage a race condition by "running the race", modifying the resource and modifying the normal execution flow. For instance, a race condition can occur while accessing a file: the attacker can trick the system by replacing the original file with his version and cause the system to read the malicious file.
  • Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
    This attack targets a race condition occurring between the time of check (state) for a resource and the time of use of a resource. The typical example is file access. The attacker can leverage a file access race condition by "running the race", meaning that he would modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the attacker could do something such as replace the file and cause an escalation of privilege.
Access
Vector: LOCAL
Complexity: LOW
Authentication: SINGLE_INSTANCE
Impact
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
exploit-db via4
description Microsoft Windows nt!NtCreateThread Race Condition with Invalid Code Segment (MS10-047). CVE-2010-1888. DoS exploit for Windows platform
id EDB-ID:14666
last seen 2016-02-01
modified 2010-08-17
published 2010-08-17
reporter Tavis Ormandy
source https://www.exploit-db.com/download/14666/
title Microsoft Windows nt!NtCreateThread Race Condition with Invalid Code Segment MS10-047
msbulletin via4
bulletin_id MS10-047
bulletin_url
date 2010-08-10T00:00:00
impact Elevation of Privilege
knowledgebase_id 981852
knowledgebase_url
severity Important
title Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege
nessus via4
NASL family Windows : Microsoft Bulletins
NASL id SMB_NT_MS10-047.NASL
description The remote Windows host is running a version of the Windows kernel that is affected by one or more of the following vulnerabilities:
  • A race condition when creating certain types of kernel threads may allow a local attacker to execute arbitrary code in kernel mode and take complete control of the affected system. (CVE-2010-1888)
  • A double free vulnerability when the kernel initializes objects while handling certain errors may allow a local attacker to execute arbitrary code in kernel mode and take complete control of the affected system. (CVE-2010-1889)
  • A failure to properly validate access control lists on kernel objects may allow a local attacker to cause the system to become unresponsive and automatically restart. (CVE-2010-1890)
last seen 2019-02-21
modified 2018-11-15
plugin id 48284
published 2010-08-11
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=48284
title MS10-047: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (981852)
oval via4
accepted 2010-09-27T04:00:13.737-04:00
class vulnerability
contributors
name Dragos Prisaca
organization Symantec Corporation
definition_extensions
comment Microsoft Windows XP (x86) SP3 is installed
oval oval:org.mitre.oval:def:5631
description Race condition in the kernel in Microsoft Windows XP SP3 allows local users to gain privileges via vectors involving thread creation, aka "Windows Kernel Data Initialization Vulnerability."
family windows
id oval:org.mitre.oval:def:11825
status accepted
submitted 2010-08-10T13:00:00
title Windows Kernel Data Initialization Vulnerability
version 68
packetstorm via4
data source https://packetstormsecurity.com/files/download/92839/mswinntcreatethread-racecondition.txt
id PACKETSTORM:92839
last seen 2016-12-05
published 2010-08-17
reporter Tavis Ormandy
source https://packetstormsecurity.com/files/92839/Microsoft-Windows-nt-NtCreateThread-Race-Condition.html
title Microsoft Windows nt!NtCreateThread Race Condition
refmap via4
cert TA10-222A
ms MS10-047
Last major update 17-09-2010 - 01:47
Published 11-08-2010 - 14:47
Last modified 12-10-2018 - 17:57