NASLDB: MS10-099: Vulnerability in Routing and Remote Access Could Allow Elevation of Privilege (2440591)
General
ID: 51171
Name: MS10-099: Vulnerability in Routing and Remote Access Could Allow Elevation of Privilege (2440591)
Summary: Checks the version of Ndproxy.sys
Credits: Tenable Network Security, Inc.
Classification
Risk: –
CVSS: –
CVSS Base Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS Temporal Vector: CVSS2#E:U/RL:OF/RC:C
Port: 139
Family: Windows : Microsoft Bulletins
Type: Local
Description
The Routing and Remote Access NDProxy component of the remote Windows
host does not properly validate user supplied input when passing data
from user mode to the kernel.
An attacker who can log on locally to the affected system can exploit
this to run arbitrary code in kernel mode.
Exploiting
Exploit Available: False
Exploitability Ease: No known exploits are available
Sources
CVE: CVE-2010-3963
OSVDB: –
Bugtraq: –
scipID: –
Timeline
Vulnerability Disclosure: 2010/12/14
Patch Release: 2010/12/14
Plugin Release: 2010/12/15
Plugin
Version: 1.14
Filename: smb_nt_ms10-099.nasl
Filesize: 3686 bytes
MD5 Hash: a86112b59485195e0f4447f047ae93fc
Identification: Host/patch_management_checks
Require Keys: SMB/MS_Bulletin_Checks/Possible
Dependencies: "smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl"
Copyright: This script is Copyright© 2010-2012 Tenable Network Security, Inc.
- Letzte Plugins
- USN-1611-1 : thunderbird vulnerabilities
- USN-1610-1 : linux vulnerability
- USN-1609-1 : linux-ti-omap4 vulnerability
- SuSE 10 Security Update : PostgreSQL
- RHSA-2012-1364: bind97
- RHSA-2012-1363: bind
- RHSA-2012-1362: thunderbird
- RHSA-2012-1361: xulrunner
- Mandriva Linux Security Advisory : graphicsmagick
- FreeBSD : phpMyAdmin — Multiple XSS due to unescaped HTML output in Trigger, Procedure and Event pages and Fetching the version information from a non-SSL site is vulnerable to a MITM attack