CVE Vulnerabilities

CVE-2010-2549

Published: Jul 02, 2010 | Modified: Sep 19, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.2 HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2 and Server 2008 Gold and SP2 allows local users to gain privileges or cause a denial of service (system crash) by using a large number of calls to the NtUserCheckAccessForIntegrityLevel function to trigger a failure in the LockProcessByClientId function, leading to deletion of an in-use process object, aka Win32k Reference Count Vulnerability.

Affected Software

Name Vendor Start Version End Version
Windows_server_2008 Microsoft * *
Windows_server_2008 Microsoft * *
Windows_server_2008 Microsoft * *
Windows_server_2008 Microsoft * *
Windows_server_2008 Microsoft * *
Windows_server_2008 Microsoft - -
Windows_vista Microsoft * *
Windows_vista Microsoft * *
Windows_vista Microsoft * *
Windows_vista Microsoft * *

References