Vulnerability Name:

CVE-2010-3963 (CCN-63570)

Assigned:2010-12-14
Published:2010-12-14
Updated:2019-02-26
Summary:Buffer overflow in the Routing and Remote Access NDProxy component in the kernel in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted application, related to the Routing and Remote Access service (RRAS) and improper copying from user mode to the kernel, aka "Kernel NDProxy Buffer Overflow Vulnerability."
CVSS v3 Severity:9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.3 Medium (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
6.9 Medium (CCN CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C)
5.1 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-119
Vulnerability Consequences:Gain Privileges
References:Source: MITRE
Type: CNA
CVE-2010-3963

Source: OSVDB
Type: UNKNOWN
69823

Source: CCN
Type: SA42613
Microsoft Windows Routing and Remote Access NDProxy Buffer Overflow

Source: SECUNIA
Type: Vendor Advisory
42613

Source: CCN
Type: SECTRACK ID: 1024881
Windows Routing and Remote Access NDProxy Buffer Overflow Lets Local Users Gain Elevated Privileges

Source: CCN
Type: Microsoft Security Bulletin MS14-002
Vulnerability in Windows Kernel May Allow Elevation of Privilege (2914368)

Source: CCN
Type: Microsoft Security Bulletin MS10-099
Vulnerability in Routing and Remote Access Could Allow Elevation of Privilege (2440591)

Source: CCN
Type: OSVDB ID: 69823
Microsoft Windows Routing and Remote Access NDProxy Unspecified Local Code Execution

Source: BID
Type: UNKNOWN
45269

Source: CCN
Type: BID-45269
Microsoft Windows Kernel NDProxy Local Privilege Escalation Vulnerability

Source: SECTRACK
Type: UNKNOWN
1024881

Source: CERT
Type: US Government Resource
TA10-348A

Source: VUPEN
Type: Vendor Advisory
ADV-2010-3221

Source: MS
Type: UNKNOWN
MS10-099

Source: XF
Type: UNKNOWN
ms-win-ndproxy-bo(63570)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:12461

Vulnerable Configuration:Configuration 1:
  • cpe:/o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/o:microsoft:windows:server_2003:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:server_2003:sp2:itanium:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:server_2003:sp2:x64:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp::sp2:x64:*:professional:*:*:*
  • OR cpe:/o:microsoft:windows:xp:sp3:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:12461
    V
    		Kernel NDProxy Buffer Overflow Vulnerability
    2011-02-14
    BACK
    microsoft windows 2003 server * sp2
    microsoft windows server 2003 * sp2
    microsoft windows xp * sp3
    microsoft windows xp - sp2
    microsoft windows server_2003 sp2
    microsoft windows server_2003 sp2
    microsoft windows server_2003 sp2
    microsoft windows xp sp2
    microsoft windows xp sp3