Vulnerability Name: | CVE-2010-1891 (CCN-61518) | ||||||||
Assigned: | 2010-09-14 | ||||||||
Published: | 2010-09-14 | ||||||||
Updated: | 2019-02-26 | ||||||||
Summary: | The Client/Server Runtime Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2, when a Chinese, Japanese, or Korean locale is enabled, does not properly allocate memory for transactions, which allows local users to gain privileges via a crafted application, aka "CSRSS Local Elevation of Privilege Vulnerability." | ||||||||
CVSS v3 Severity: | 9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||
CVSS v2 Severity: | 6.9 Medium (CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C) 5.1 Medium (Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
5.3 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
| ||||||||
Vulnerability Type: | CWE-264 | ||||||||
Vulnerability Consequences: | Gain Privileges | ||||||||
References: | Source: MITRE Type: CNA CVE-2010-1891 Source: CCN Type: SA41420 Microsoft Windows Client/Server Runtime Subsystem Privilege Escalation Source: CCN Type: Microsoft Security Bulletin MS13-019 Vulnerability in Windows Client/Server Run-time Subsystem (CSRSS) Could Allow Elevation of Privilege (2790113) Source: CCN Type: Microsoft Security Bulletin MS13-033 Vulnerability in Windows Client/Server Run-time Subsystem (CSRSS) Could Allow Elevation of Privilege (2820917) Source: CCN Type: Microsoft Security Bulletin MS13-077 Vulnerability in Windows Service Control Manager Could Allow Elevation of Privilege (2872339) Source: CCN Type: Microsoft Security Bulletin MS10-069 Vulnerability in Windows Client/Server Runtime Subsystem Could Allow Elevation of Privilege (2121546) Source: CCN Type: Microsoft Security Bulletin MS11-056 Vulnerabilities in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2507938) Source: CCN Type: Microsoft Security Bulletin MS11-063 Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2567680) Source: CCN Type: Microsoft Security Bulletin MS12-003 Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2646524) Source: CCN Type: BID-43121 Microsoft Windows CSRSS Memory Allocation Local Privilege Escalation Vulnerability Source: MS Type: UNKNOWN MS10-069 Source: XF Type: UNKNOWN ms-win-csrss-priv-escalation(61518) Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:7536 | ||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable | ||||||||
Oval Definitions | |||||||||
| |||||||||
BACK |