CVE-2010-3961

Severity

72%

Complexity

39%

Confidentiality

165%

The Consent User Interface (UI) in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly handle an unspecified registry-key value, which allows local users with SeImpersonatePrivilege rights to gain privileges via a crafted application, aka "Consent UI Impersonation Vulnerability."

CVSS 2.0 Base Score 7.2. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (AV:L/AC:L/Au:N/C:C/I:C/A:C).

Overview

First reported 14 years ago

2010-12-16 19:33:00

Last updated 6 years ago

2018-10-30 16:27:00

Affected Software

Microsoft Windows 7

Microsoft Windows Server 2008 Itanium

Windows Server 2008 for 32-bit Systems

Microsoft Windows Server 2008 x64 (64-bit) (intial release)

Windows Server 2008 Service Pack 2 for 32-bit systems

Microsoft Windows Server 2008 Service Pack 2 x64 (64-bit)

Microsoft Windows Server 2008 Service Pack 2 for Itanium-Based Systems

Windows Server 2008 R2 for Itanium-based Systems

r2

Windows Server 2008 R2 for 32-bit Systems

r2

Microsoft Windows Vista Service Pack 1 (initial release)

Microsoft Windows Vista Service Pack 1 x64 (64-bit)

Microsoft Windows Vista Service Pack 2

Microsoft Windows Vista Service Pack 2 x64 (64-bit)

References

69824

42614

Vendor Advisory

45318

1024882

TA10-348A

US Government Resource

ADV-2010-3222