CVE-2010-0485

moderate-risk

Published 2010-06-08

The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 "do not properly validate all callback parameters when creating a new window," which allows local users to execute arbitrary code, aka "Win32k Window Creation Vulnerability."

Do I need to act?

1.1% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.8/10 High

LOCAL / LOW complexity

Affected Products (20)

Windows Xp

Windows 2003 Server

Windows Vista

Windows 7

Windows Server 2008

Windows 2000

Windows Xp

Windows Vista

Windows Server 2008

Affected Vendors

Microsoft

References (8)

http://www.opera.com/support/kb/view/954/

US Government Resource http://www.us-cert.gov/cas/techalerts/TA10-159B.html

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-03...

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3...

http://www.opera.com/support/kb/view/954/

US Government Resource http://www.us-cert.gov/cas/techalerts/TA10-159B.html

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-03...

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3...

/ 100

moderate-risk

Severity 24/34 · High

Exploitability 3/34 · Minimal

Exposure 20/34 · Moderate