MS10-048: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2160329)
High Nessus Plugin ID 48285
SynopsisThe Windows kernel is affected by several vulnerabilities that could allow escalation of privileges.
DescriptionThe remote Windows host is running a version of the Windows kernel that is affected by one or more of the following vulnerabilities :
- Improper valiation of an argument passed to a system call can result in a denial of service. (CVE-2010-1887)
- Certain unspecified exceptions are not properly handled which could result in arbitrary code execution in the kernel. (CVE-2010-1894)
- Memory is not properly allocated when making a copy from user mode, which could result in an elevation of privileges. (CVE-2010-1895)
- Unspecified input from user mode is not properly validated, which could result in arbitrary code execution in the kernel. (CVE-2010-1896)
- Unspecified parameters are not properly validated when creating a new window, which could result in arbitrary code execution in the kernel.
SolutionMicrosoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, and 2008 R2.