CVE-2010-1896
moderate-risk
Published 2010-08-11
The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 do not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Win32k User Input Validation Vulnerability."
Do I need to act?
-
0.99% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.4/10
High
LOCAL
/ LOW complexity
Affected Products (14)
Affected Vendors
References (6)
US Government Resource
http://www.us-cert.gov/cas/techalerts/TA10-222A.html
US Government Resource
http://www.us-cert.gov/cas/techalerts/TA10-222A.html
47
/ 100
moderate-risk
Severity
26/34 · High
Exploitability
3/34 · Minimal
Exposure
18/34 · Moderate