MS10-100 MS10-100 - Important: Vulnerability in Consent User Interface Could Allow Elevation of Privilege (2442962)
Important2010-12-14 Bulletin Severity Rating:Important - This security update resolves a privately reported vulnerability in the Consent User Interface (UI). The vulnerability could allow elevation of privilege if an attacker runs a specially crafted application on an affected system. An attacker must have valid logon credentials and the SeImpersonatePrivilege and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.
Bulletin details at Microsoft.com
Bulletin details at Microsoft.com
Related CVE Entries
The Consent User Interface (UI) in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly handle an unspecified registry-key value, which allows local users with SeImpersonatePrivilege rights to gain privileges via a crafted application, aka "Consent UI Impersonation Vulnerability."
Max CVSS
7.2
EPSS Score
0.04%
Published
2010-12-16
Updated
2023-12-07