MS10-059: Vulnerabilities in the Tracing Feature for Services Could Allow Elevation of Privilege (982799)

This script is Copyright (C) 2010-2015 Tenable Network Security, Inc.

Synopsis :

The remote Windows host has multiple privilege escalation

Description :

The version of Tracing Feature for Services on the remote host has the
following vulnerabilities :

- Windows places incorrect ACLs on registry keys, which
could allow an attacker to execute code with elevated
privileges. (CVE-2010-2554)

- Memory is allocated in an unspecified, unsafe manner
when processing specially crafted long strings. An
attacker could exploit this to execute code with elevated
privileges. (CVE-2010-2555)

See also :

Solution :

Microsoft has released a set of patches for Windows Vista, 2008, 7,
and 2008 R2.

Risk factor :

High / CVSS Base Score : 7.2
CVSS Temporal Score : 6.0
Public Exploit Available : true

Family: Windows : Microsoft Bulletins

Nessus Plugin ID: 48296 ()

Bugtraq ID: 42259

CVE ID: CVE-2010-2554