CVE-2012-0178

HIGH
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Race condition in partmgr.sys in Windows Partition Manager in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that makes multiple simultaneous Plug and Play (PnP) Configuration Manager function calls, aka "Plug and Play (PnP) Configuration Manager Vulnerability."

References

http://osvdb.org/81735

http://secunia.com/advisories/49115

http://www.securityfocus.com/bid/53378

http://www.securitytracker.com/id?1027043

http://www.us-cert.gov/cas/techalerts/TA12-129A.html

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-033

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15229

Details

Source: MITRE

Published: 2012-05-09

Updated: 2020-09-28

Type: CWE-264

Risk Information

CVSS v2

Base Score: 7.2

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 3.9

Severity: HIGH

Tenable Plugins

View all (1 total)

IDNameProductFamilySeverity
59041MS12-033: Vulnerability in Windows Partition Manager Could Allow Elevation of Privilege (2690533)NessusWindows : Microsoft Bulletins
medium