CVE-2010-2793:spice-activex: Race condition in the SPICE (aka spice-activex) plu...

VRDA Feed by

Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis

[ about VRDA Feed | JPCERT/CC ]

Vulnerability Analysis Result (Revision No : 1)

[ Download XML ]

CVE-2010-2793

spice-activex: Race condition in the SPICE (aka spice-activex) plu...

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2793

Original

Race condition in the SPICE (aka spice-activex) plug-in for Internet Explorer in Red Hat Enterprise Virtualization (RHEV) Manager before 2.2.4 allows local users to create a certain named pipe, and consequently gain privileges, via vectors involving knowledge of the name of this named pipe, in conjunction with use of the ImpersonateNamedPipeClient function.

Translation (Show)

About This Analysis Information

Analysis Information Provider:

NIST NVD

First Published:

2010-12-08

Source Information Category:

Advisory, Alert

Last Updated:

2010-12-09

Affected Product Tags

cpe:/a:microsoft:ie

cpe:/a:redhat:enterprise_virtualization_manager:2.1

cpe:/a:redhat:enterprise_virtualization_manager:2.2

cpe:/a:redhat:enterprise_virtualization_manager:2.2.3 and previous versions

cpe:/a:redhat:spice-activex

Vulnerability Analysis Results

[Access Vector] ^[?]

Undefined^[?]

Local^[?]

Adjacent Network^[?]

Network^[?]

[Access Complexit] ^[?]

Undefined^[?]

High^[?]

Medium^[?]

Low^[?]

[Authentication] ^[?]

Undefined^[?]

Multiple^[?]

Single^[?]

None^[?]

[Confidentiality Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Integrity Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Availability Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

Alternatives

References

BID 45213

CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=620355

REDHAT RHSA-2010:0818

SECTRACK 1024825

Vulnerability Type Race Conditions (CWE-362)