ID CVE-2010-2743
Summary The kernel-mode drivers in Microsoft Windows XP SP3 do not properly perform indexing of a function-pointer table during the loading of keyboard layouts from disk, which allows local users to gain privileges via a crafted application, as demonstrated in the wild in July 2010 by the Stuxnet worm, aka "Win32k Keyboard Layout Vulnerability." NOTE: this might be a duplicate of CVE-2010-3888 or CVE-2010-3889.
References
Vulnerable Configurations
  • cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_7:*:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_7:*:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2008:*:r2:itanium:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2008:*:r2:itanium:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2008:*:r2:x64:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2008:*:r2:x64:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x32:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x32:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x64:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x64:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2008:-:sp2:itanium:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2008:-:sp2:itanium:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_vista:*:sp1:x64:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_vista:*:sp1:x64:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_vista:*:sp2:x64:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_vista:*:sp2:x64:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*
CVSS
Base: 7.2 (as of 26-02-2019 - 14:04)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:L/AC:L/Au:N/C:C/I:C/A:C
oval via4
accepted 2014-03-03T04:01:23.511-05:00
class vulnerability
contributors
  • name Josh Turpin
    organization Symantec Corporation
  • name Josh Turpin
    organization Symantec Corporation
  • name Dragos Prisaca
    organization Symantec Corporation
  • name Maria Mikhno
    organization ALTX-SOFT
definition_extensions
  • comment Microsoft Windows XP (x86) SP3 is installed
    oval oval:org.mitre.oval:def:5631
  • comment Microsoft Windows XP x64 Edition SP2 is installed
    oval oval:org.mitre.oval:def:4193
  • comment Microsoft Windows Server 2003 SP2 (x64) is installed
    oval oval:org.mitre.oval:def:2161
  • comment Microsoft Windows Server 2003 SP2 (x86) is installed
    oval oval:org.mitre.oval:def:1935
  • comment Microsoft Windows Server 2003 (ia64) SP2 is installed
    oval oval:org.mitre.oval:def:1442
  • comment Microsoft Windows Vista (32-bit) Service Pack 1 is installed
    oval oval:org.mitre.oval:def:4873
  • comment Microsoft Windows Server 2008 (32-bit) is installed
    oval oval:org.mitre.oval:def:4870
  • comment Microsoft Windows Vista x64 Edition Service Pack 1 is installed
    oval oval:org.mitre.oval:def:5254
  • comment Microsoft Windows Server 2008 (64-bit) is installed
    oval oval:org.mitre.oval:def:5356
  • comment Microsoft Windows Server 2008 (ia-64) is installed
    oval oval:org.mitre.oval:def:5667
  • comment Microsoft Windows Vista (32-bit) Service Pack 2 is installed
    oval oval:org.mitre.oval:def:6124
  • comment Microsoft Windows Server 2008 x64 Edition Service Pack 2 is installed
    oval oval:org.mitre.oval:def:6216
  • comment Microsoft Windows Server 2008 (32-bit) Service Pack 2 is installed
    oval oval:org.mitre.oval:def:5653
  • comment Microsoft Windows Vista x64 Edition Service Pack 2 is installed
    oval oval:org.mitre.oval:def:5594
  • comment Microsoft Windows Server 2008 Itanium-Based Edition Service Pack 2 is installed
    oval oval:org.mitre.oval:def:6150
  • comment Microsoft Windows 7 (32-bit) is installed
    oval oval:org.mitre.oval:def:6165
  • comment Microsoft Windows 7 x64 Edition is installed
    oval oval:org.mitre.oval:def:5950
  • comment Microsoft Windows Server 2008 R2 x64 Edition is installed
    oval oval:org.mitre.oval:def:6438
  • comment Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed
    oval oval:org.mitre.oval:def:5954
description The kernel-mode drivers in Microsoft Windows XP SP3 do not properly perform indexing of a function-pointer table during the loading of keyboard layouts from disk, which allows local users to gain privileges via a crafted application, as demonstrated in the wild in July 2010 by the Stuxnet worm, aka "Win32k Keyboard Layout Vulnerability." NOTE: this might be a duplicate of CVE-2010-3888 or CVE-2010-3889.
family windows
id oval:org.mitre.oval:def:7514
status accepted
submitted 2010-08-10T13:00:00
title Win32k Keyboard Layout Vulnerability
version 76
refmap via4
cert TA10-285A
ms MS10-073
Last major update 26-02-2019 - 14:04
Published 20-01-2011 - 21:00
Back to Top