Vulnerability Details : CVE-2010-3963
Buffer overflow in the Routing and Remote Access NDProxy component in the kernel in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted application, related to the Routing and Remote Access service (RRAS) and improper copying from user mode to the kernel, aka "Kernel NDProxy Buffer Overflow Vulnerability."
Vulnerability category: Overflow
Exploit prediction scoring system (EPSS) score for CVE-2010-3963
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ % EPSS Score History EPSS FAQ
CVSS scores for CVE-2010-3963
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST |
CWE ids for CVE-2010-3963
-
The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-3963
-
http://www.us-cert.gov/cas/techalerts/TA10-348A.html
Microsoft Updates for Multiple Vulnerabilities | CISAUS Government Resource
-
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-099
Microsoft Security Bulletin MS10-099 - Important | Microsoft Docs
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12461
Repository / Oval Repository
-
http://www.securityfocus.com/bid/45269
Microsoft Windows Kernel NDProxy Local Privilege Escalation Vulnerability
-
http://www.securitytracker.com/id?1024881
Windows Routing and Remote Access NDProxy Buffer Overflow Lets Local Users Gain Elevated Privileges - SecurityTracker
-
http://www.vupen.com/english/advisories/2010/3221
Webmail | OVH- OVHVendor Advisory
Products affected by CVE-2010-3963
- cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*