← Voltar para CVEs
CVE-2010-2549
N/ADescricao
Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2 and Server 2008 Gold and SP2 allows local users to gain privileges or cause a denial of service (system crash) by using a large number of calls to the NtUserCheckAccessForIntegrityLevel function to trigger a failure in the LockProcessByClientId function, leading to deletion of an in-use process object, aka "Win32k Reference Count Vulnerability."
Detalhes CVE
Pontuacao CVSS v3.1N/A
Publicado7/2/2010
Ultima modificacao4/29/2026
Fontenvd
Avistamentos honeypot0
Produtos afetados
microsoft:windows_server_2008microsoft:windows_vista
Fraquezas (CWE)
CWE-399
Referencias
http://osvdb.org/66003(secure@microsoft.com)
http://seclists.org/fulldisclosure/2010/Jul/3(secure@microsoft.com)
http://secunia.com/advisories/40421(secure@microsoft.com)
http://www.exploit-db.com/exploits/14156(secure@microsoft.com)
http://www.securityfocus.com/bid/41280(secure@microsoft.com)
http://www.us-cert.gov/cas/techalerts/TA10-285A.html(secure@microsoft.com)
https://exchange.xforce.ibmcloud.com/vulnerabilities/60120(secure@microsoft.com)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12215(secure@microsoft.com)
http://osvdb.org/66003(af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/fulldisclosure/2010/Jul/3(af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/40421(af854a3a-2127-422b-91ae-364da2661108)
http://www.exploit-db.com/exploits/14156(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/41280(af854a3a-2127-422b-91ae-364da2661108)
http://www.us-cert.gov/cas/techalerts/TA10-285A.html(af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/60120(af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12215(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.