Vulnerability Details: CVE-2010-3944
win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Corruption Vulnerability."
Vulnerability category: Memory Corruption, Input validation
Exploit prediction scoring system (EPSS) score for CVE-2010-3944
Probability of exploitation activity in the next 30 days: 0.06%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 21 %
CVSS scores for CVE-2010-3944
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C | 3.9 | 10.0 | NIST |
CWE ids for CVE-2010-3944
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-3944
- http://www.us-cert.gov/cas/techalerts/TA10-348A.html
  Microsoft Updates for Multiple Vulnerabilities | CISA (US Government Resource)
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-098
  Microsoft Security Bulletin MS10-098 - Important | Microsoft Docs
- http://www.securitytracker.com/id?1024880
  Windows Kernel Buffer Overflows and Memory Corruption Errors Let Local Users Gain Elevated Privileges - SecurityTracker
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12184
  Repository / Oval Repository
Products affected by CVE-2010-3944
- cpe:2.3:o:microsoft:windows_server_2008:r2:*:x64:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:r2:*:itanium:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*