Computer Security
[EN] securityvulns.ru no-pyccku


Microsoft Windows Tracing Feature for Services security vulnerabilities
Published:11.08.2010
Source:
SecurityVulns ID:11057
Type:local
Threat Level:
5/10
Description:Weak permissions on registry keys, buffer overflow on registry keys reading.
Affected:MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
CVE:CVE-2010-2555 (The Tracing Feature for Services in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly determine the length of strings in the registry, which allows local users to gain privileges or cause a denial of service (memory corruption) via vectors involving a long string, aka "Tracing Memory Corruption Vulnerability.")
 CVE-2010-2554 (The Tracing Feature for Services in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 has incorrect ACLs on its registry keys, which allows local users to gain privileges via vectors involving a named pipe and impersonation, aka "Tracing Registry Key ACL Vulnerability.")
Original documentdocumentMICROSOFT, Microsoft Security Bulletin MS10-059 - Important Vulnerabilities in the Tracing Feature for Services Could Allow Elevation of Privilege (982799) (11.08.2010)
Files:Microsoft Security Bulletin MS10-059 - Important Vulnerabilities in the Tracing Feature for Services Could Allow Elevation of Privilege (982799)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod