CVE-2010-2554 : The Tracing Feature for Services in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Wind

The Tracing Feature for Services in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 has incorrect ACLs on its registry keys, which allows local users to gain privileges via vectors involving a named pipe and impersonation, aka "Tracing Registry Key ACL Vulnerability."

Published 2010-08-11 18:47:51

Updated 2023-12-07 18:38:57

Source Microsoft Corporation

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2010-2554

Probability of exploitation activity in the next 30 days: 0.05%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 16 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2010-2554

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.8	MEDIUM	AV:L/AC:L/Au:S/C:C/I:C/A:C	3.1	10.0	NIST
Access Vector: Local Access Complexity: Low Authentication: Single Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2010-2554

CWE-264

Assigned by: nvd@nist.gov (Primary)

References for CVE-2010-2554

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12082

Repository / Oval Repository
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-059

Microsoft Security Bulletin MS10-059 - Important | Microsoft Docs

CVEs referencing this url

Products affected by CVE-2010-2554

Microsoft » Windows Vista » Update SP2
cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Windows Vista » Update SP1
cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*
Matching versions
Microsoft » Windows Vista » Version: N/A Update SP2
cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Windows Vista » Version: N/A Update SP1
cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2008 » Update R2 X64 Edition
cpe:2.3:o:microsoft:windows_server_2008:*:r2:x64:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2008 » Itanium Edition
cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2008 » X64 Edition
cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2008 » X32 Edition
cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2008 » Update R2 Itanium Edition
cpe:2.3:o:microsoft:windows_server_2008:*:r2:itanium:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2008 » Update SP2 X32 Edition
cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x32:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2008 » Update SP2 X64 Edition
cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x64:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2008 » Version: N/A Update SP2 Itanium Edition
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:itanium:*:*:*:*:*
Matching versions
Microsoft » Windows 7 » Version: N/A
cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2010-2554

Exploit prediction scoring system (EPSS) score for CVE-2010-2554

CVSS scores for CVE-2010-2554

CWE ids for CVE-2010-2554

References for CVE-2010-2554

Products affected by CVE-2010-2554