CVE-2010-1888

Race condition in the kernel in Microsoft Windows XP SP3 allows local users to gain privileges via vectors involving thread creation, aka "Windows Kernel Data Initialization Vulnerability."

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:L/Au:S/C:C/I:C/A:C

Exploitability : 3.1 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.us-cert.gov/cas/techalerts/TA10-222A.html	US Government Resource
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-047
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11825
http://www.us-cert.gov/cas/techalerts/TA10-222A.html	US Government Resource
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-047
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11825

Configurations

Configuration 1 (hide)

cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*

History

21 Nov 2024, 01:15

Type	Values Removed	Values Added
References	~~() http://www.us-cert.gov/cas/techalerts/TA10-222A.html - US Government Resource~~	() http://www.us-cert.gov/cas/techalerts/TA10-222A.html - US Government Resource
References	~~() https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-047 -~~	() https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-047 -
References	~~() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11825 -~~	() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11825 -

Information

Published : 2010-08-11 18:47

Updated : 2024-11-21 01:15

NVD link : CVE-2010-1888

Mitre link : CVE-2010-1888

CVE.ORG link : CVE-2010-1888

JSON object : View

Products Affected

microsoft

windows_xp

CWE

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

{"id": "CVE-2010-1888", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "MEDIUM", "obtainAllPrivilege": true, "exploitabilityScore": 3.1, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2010-08-11T18:47:49.983", "references": [{"url": "http://www.us-cert.gov/cas/techalerts/TA10-222A.html", "tags": ["US Government Resource"], "source": "secure@microsoft.com"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-047", "source": "secure@microsoft.com"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11825", "source": "secure@microsoft.com"}, {"url": "http://www.us-cert.gov/cas/techalerts/TA10-222A.html", "tags": ["US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-047", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11825", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-362"}]}], "descriptions": [{"lang": "en", "value": "Race condition in the kernel in Microsoft Windows XP SP3 allows local users to gain privileges via vectors involving thread creation, aka \"Windows Kernel Data Initialization Vulnerability.\""}, {"lang": "es", "value": "Condici\u00f3n de carrera en el kernel de Microsoft Windows XP SP3 permite a los usuarios locales elevar sus privilegios a trav\u00e9s de vectores relacionados con la creaci\u00f3n de hilos, tambi\u00e9n conocido como \"Vulnerabilidad Windows Kernel Data Initialization\"."}], "lastModified": "2024-11-21T01:15:24.097", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CE477A73-4EE4-41E9-8694-5A3D5DC88656"}], "operator": "OR"}]}], "sourceIdentifier": "secure@microsoft.com"}