Improper Data Validation in Microsoft Windows Kernel Leading to Code Execution
CVE-2010-0484

Currently unrated

Key Information:

Vendor: Microsoft
Status: Windows 2000
Vendor: CVE Published:; 8 June 2010

What is CVE-2010-0484?

The Windows kernel-mode drivers in win32k.sys for various versions of Microsoft Windows, including Windows 2000 and XP, contain a flaw that improperly validates changes in certain kernel objects. This vulnerability allows local users to execute arbitrary code through multiple vectors associated with Device Contexts (DC) and the GetDCEx function. Exploiting this vulnerability could potentially allow attackers to gain elevated privileges and manipulate system-level processes.

References

http://www.securityfocus.com/archive/1/511769/100/0/threaded

mailing-listx_refsource_BUGTRAQ

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

http://www.opera.com/support/kb/view/954/

x_refsource_CONFIRM

Timeline

Vulnerability published
Jun 8, 2010
Vulnerability Reserved
Feb 2, 2010