MS10-059 Vulnerabilities in the Tracing Feature for Services Could Allow an Elevation of Privilege (982799)
Important - Elevation of Privilege This security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in the Tracing Feature for Services. The vulnerabilities could allow elevation of privilege if an attacker runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.
Bulletin details at Microsoft.com
Bulletin details at Microsoft.com
Related CVE Entries
The Tracing Feature for Services in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 has incorrect ACLs on its registry keys, which allows local users to gain privileges via vectors involving a named pipe and impersonation, aka "Tracing Registry Key ACL Vulnerability."
Max CVSS
6.8
EPSS Score
0.05%
Published
2010-08-11
Updated
2023-12-07
The Tracing Feature for Services in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly determine the length of strings in the registry, which allows local users to gain privileges or cause a denial of service (memory corruption) via vectors involving a long string, aka "Tracing Memory Corruption Vulnerability."
Max CVSS
6.8
EPSS Score
0.04%
Published
2010-08-11
Updated
2023-12-07