Vulnerability Name: CVE-2010-0232 (CCN-55742)
Assigned: 2010-01-19
Published: 2010-01-19
Updated: 2019-02-26
Summary: The kernel in Microsoft Windows NT 3.1 through Windows 7, including Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2, when access to 16-bit applications is enabled on a 32-bit x86 platform, does not properly validate certain BIOS calls, which allows local users to gain privileges by crafting a VDM_TIB data structure in the Thread Environment Block (TEB), and then calling the NtVdmControl function to start the Windows Virtual DOS Machine (aka NTVDM) subsystem, leading to improperly handled exceptions involving the #GP trap handler (nt!KiTrap0D), aka "Windows Kernel Exception Handler Vulnerability."
CVSS v3 Severity: 9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics: Attack Vector (AV): Local; Attack Complexity (AC): Low; Privileges Required (PR): None; User Interaction (UI): None
Scope: Scope (S): Changed
Impact Metrics: Confidentiality (C): High; Integrity (I): High; Availability (A): High
CVSS v2 Severity: 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.9 Medium (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Local; Access Complexity (AC): Low; Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete; Integrity (I): Complete; Availability (A): Complete
7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.9 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Local; Access Complexity (AC): Low; Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete; Integrity (I): Complete; Availability (A): Complete
Vulnerability Type: CWE-264
Vulnerability Consequences: Gain Privileges
References:
Source: CCN Type: Full-Disclosure Mailing List, Tue Jan 19 2010
  Microsoft Windows NT #GP Trap Handler Allows Users to Switch Kernel Stack
Source: CONFIRM Type: UNKNOWN
  http://blogs.technet.com/msrc/archive/2010/01/20/security-advisory-979682-released.aspx
Source: MITRE Type: CNA
  CVE-2010-0232
Source: MLIST Type: UNKNOWN
  [dailydave] 20100119 We hold these axioms to be self evident
Source: MISC Type: Exploit
  http://lock.cmpxchg8b.com/c0af0967d904cef2ad4db766a00bc6af/KiTrap0D.zip
Source: FULLDISC Type: UNKNOWN
  20100119 Microsoft Windows NT #GP Trap Handler Allows Users to Switch Kernel Stack
Source: CCN Type: SA38265
  Microsoft Windows "KiTrap0D" Privilege Escalation Vulnerability
Source: SECUNIA Type: Vendor Advisory
  38265
Source: CCN Type: SECTRACK ID: 1023471
  Windows Kernel #GP Trap Handler Flaw Lets Local Users Gain Elevated Privileges
Source: SECTRACK Type: UNKNOWN
  1023471
Source: CCN Type: Microsoft Security Bulletin MS11-098
  Vulnerability in Windows Kernel Could Allow Elevation of Privilege (2633171)
Source: CCN Type: Microsoft Security Bulletin MS12-042
  Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2711167)
Source: CONFIRM Type: Patch, Vendor Advisory
  http://www.microsoft.com/technet/security/advisory/979682.mspx
Source: CCN Type: Microsoft Security Bulletin MS10-015
  Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (977165)
Source: CCN Type: Microsoft Security Bulletin MS10-021
  Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (979683)
Source: CCN Type: Microsoft Security Bulletin MS10-047
  Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (981852)
Source: CCN Type: Microsoft Security Bulletin MS11-011
  Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2393802)
Source: CCN Type: Microsoft Web site
  Microsoft Windows
Source: BUGTRAQ Type: UNKNOWN
  20100119 Microsoft Windows NT #GP Trap Handler Allows Users to Switch Kernel Stack
Source: BID Type: Exploit
  37864
Source: CCN Type: BID-37864
  Microsoft Windows #GP Trap Handler Local Privilege Escalation Vulnerability
Source: CERT Type: US Government Resource
  TA10-040A
Source: VUPEN Type: Vendor Advisory
  ADV-2010-0179
Source: MS Type: UNKNOWN
  MS10-015
Source: XF Type: UNKNOWN
  ms-win-gptrap-privilege-escalation(55742)
Source: OVAL Type: UNKNOWN
  oval:org.mitre.oval:def:8344
Source: CCN Type: Packet Storm Security [11-14-2013]
  Windows SYSTEM Escalation Via KiTrap0D
Source: CCN Type: CYBERSECURITY & INFRASTRUCTURE SECURITY AGENCY
  KNOWN EXPLOITED VULNERABILITIES CATALOG
Vulnerable Configuration:
Configuration 1:
  cpe:/o:microsoft:windows_2000:sp4:*:*:*:*:*:*:* OR
  cpe:/o:microsoft:windows_7:-:*:*:*:*:*:*:* OR
  cpe:/o:microsoft:windows_nt:3.1:*:*:*:*:*:*:* OR
  cpe:/o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:* OR
  cpe:/o:microsoft:windows_server_2008:*:*:*:*:*:*:itanium:* OR
  cpe:/o:microsoft:windows_server_2008:*:*:*:*:*:*:x32:* OR
  cpe:/o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:* OR
  cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x64:* OR
  cpe:/o:microsoft:windows_server_2008:-:sp2:itanium:*:*:*:*:* OR
  cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x32:* OR
  cpe:/o:microsoft:windows_vista:*:*:*:*:*:*:*:* OR
  cpe:/o:microsoft:windows_vista:*:*:x64:*:*:*:*:* OR
  cpe:/o:microsoft:windows_vista:*:sp1:x64:*:*:*:*:* OR
  cpe:/o:microsoft:windows_vista:*:sp2:x64:*:*:*:*:* OR
  cpe:/o:microsoft:windows_vista:sp1:*:*:*:*:*:*:* OR
  cpe:/o:microsoft:windows_vista:sp2:*:*:*:*:*:*:* OR
  cpe:/o:microsoft:windows_xp:-:*:*:*:*:*:*:* OR
  cpe:/o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:* OR
  cpe:/o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*
Configuration CCN 1:
  cpe:/a:microsoft:windows_nt:4.0:*:*:*:*:*:*:* OR
  cpe:/o:microsoft:windows_2000:-:sp4:*:*:*:*:*:* OR
  cpe:/o:microsoft:windows:xp:sp2:*:*:*:*:*:* OR
  cpe:/o:microsoft:windows_vista:-:*:*:*:*:*:*:* OR
  cpe:/o:microsoft:windows:server_2003:*:sp2:*:*:*:*:* OR
  cpe:/o:microsoft:windows_nt:3.1:*:*:*:*:*:*:* OR
  cpe:/o:microsoft:windows_vista:-:sp1:*:*:*:*:*:* OR
  cpe:/o:microsoft:windows:xp:sp3:*:*:*:*:*:* OR
  cpe:/o:microsoft:windows_vista::sp2:*:*:*:*:*:* OR
  cpe:/o:microsoft:windows_7:::x32:*:*:*:*:*
microsoft windows 2000 sp4
microsoft windows 7 -
microsoft windows nt 3.1
microsoft windows server 2003 * sp2
microsoft windows server 2008 *
microsoft windows server 2008 *
microsoft windows server 2008 *
microsoft windows server 2008 * sp2
microsoft windows server 2008 - sp2
microsoft windows server 2008 sp2 x32
microsoft windows vista *
microsoft windows vista *
microsoft windows vista * sp1
microsoft windows vista * sp2
microsoft windows vista sp1
microsoft windows vista sp2
microsoft windows xp -
microsoft windows xp - sp2
microsoft windows xp sp3
microsoft windows nt 4.0
microsoft windows 2000 sp4
microsoft windows xp sp2
microsoft windows vista
microsoft windows server_2003
microsoft windows nt 3.1
microsoft windows vista sp1
microsoft windows xp sp3
microsoft windows vista sp2
microsoft windows 7