CVE-2010-3961 - OpenCVE

The Consent User Interface (UI) in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly handle an unspecified registry-key value, which allows local users with SeImpersonatePrivilege rights to gain privileges via a crafted application, aka "Consent UI Impersonation Vulnerability."

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	Windows 7 Windows Server 2008 Windows Vista

Configuration 1 [-]

OR	cpe:2.3:o:microsoft:windows_7:-:::::::*
	cpe:2.3:o:microsoft:windows_server_2008:::itanium:::::*
	cpe:2.3:o:microsoft:windows_server_2008:::x32:::::*
	cpe:2.3:o:microsoft:windows_server_2008:::x64:::::*
	cpe:2.3:o:microsoft:windows_server_2008::sp2:x32:::::
	cpe:2.3:o:microsoft:windows_server_2008::sp2:x64:::::
	cpe:2.3:o:microsoft:windows_server_2008:-:sp2:itanium:::::*
	cpe:2.3:o:microsoft:windows_server_2008:r2::itanium:::::
	cpe:2.3:o:microsoft:windows_server_2008:r2::x64:::::
	cpe:2.3:o:microsoft:windows_vista::sp1::::::*
	cpe:2.3:o:microsoft:windows_vista::sp2::::::*

No data.

References

Link	Providers
http://osvdb.org/69824
http://secunia.com/advisories/42614
http://www.securityfocus.com/bid/45318
http://www.securitytracker.com/id?1024882
http://www.us-cert.gov/cas/techalerts/TA10-348A.html
http://www.vupen.com/english/advisories/2010/3222
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-100
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12323

History

No history.

MITRE

Status: PUBLISHED

Assigner: microsoft

Published: 2010-12-16T19:00:00

Updated: 2024-08-07T03:26:12.259Z

Reserved: 2010-10-14T00:00:00

Link: CVE-2010-3961

Vulnrichment

No data.

NVD

Status : Modified

Published: 2010-12-16T19:33:03.287

Modified: 2023-12-07T18:38:56.693

Link: CVE-2010-3961

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-12-14T00:00:00", "descriptions": [{"lang": "en", "value": "The Consent User Interface (UI) in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly handle an unspecified registry-key value, which allows local users with SeImpersonatePrivilege rights to gain privileges via a crafted application, aka \"Consent UI Impersonation Vulnerability.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-12T19:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft"}, "references": [{"name": "42614", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/42614"}, {"name": "TA10-348A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA10-348A.html"}, {"name": "oval:org.mitre.oval:def:12323", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12323"}, {"name": "ADV-2010-3222", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/3222"}, {"name": "1024882", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1024882"}, {"name": "45318", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/45318"}, {"name": "MS10-100", "tags": ["vendor-advisory", "x_refsource_MS"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-100"}, {"name": "69824", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/69824"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@microsoft.com", "ID": "CVE-2010-3961", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Consent User Interface (UI) in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly handle an unspecified registry-key value, which allows local users with SeImpersonatePrivilege rights to gain privileges via a crafted application, aka \"Consent UI Impersonation Vulnerability.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "42614", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/42614"}, {"name": "TA10-348A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA10-348A.html"}, {"name": "oval:org.mitre.oval:def:12323", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12323"}, {"name": "ADV-2010-3222", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/3222"}, {"name": "1024882", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1024882"}, {"name": "45318", "refsource": "BID", "url": "http://www.securityfocus.com/bid/45318"}, {"name": "MS10-100", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-100"}, {"name": "69824", "refsource": "OSVDB", "url": "http://osvdb.org/69824"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T03:26:12.259Z"}, "title": "CVE Program Container", "references": [{"name": "42614", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/42614"}, {"name": "TA10-348A", "tags": ["third-party-advisory", "x_refsource_CERT", "x_transferred"], "url": "http://www.us-cert.gov/cas/techalerts/TA10-348A.html"}, {"name": "oval:org.mitre.oval:def:12323", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12323"}, {"name": "ADV-2010-3222", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2010/3222"}, {"name": "1024882", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1024882"}, {"name": "45318", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/45318"}, {"name": "MS10-100", "tags": ["vendor-advisory", "x_refsource_MS", "x_transferred"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-100"}, {"name": "69824", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/69824"}]}]}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2010-3961", "datePublished": "2010-12-16T19:00:00", "dateReserved": "2010-10-14T00:00:00", "dateUpdated": "2024-08-07T03:26:12.259Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*", "matchCriteriaId": "E33796DB-4523-4F04-B564-ADF030553D51", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*", "matchCriteriaId": "7F6EA111-A4E6-4963-A0C8-F9336C605B6E", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*", "matchCriteriaId": "9CFB1A97-8042-4497-A45D-C014B5E240AB", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*", "matchCriteriaId": "7F9C7616-658D-409D-8B53-AC00DC55602A", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x32:*:*:*:*:*", "matchCriteriaId": "B8A32637-65EC-42C4-A892-0E599562527C", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x64:*:*:*:*:*", "matchCriteriaId": "FFF81F4B-7D92-4398-8658-84530FB8F518", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:itanium:*:*:*:*:*", "matchCriteriaId": "7AE15F6C-80F6-43A6-86DA-B92116A697A0", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:*:itanium:*:*:*:*:*", "matchCriteriaId": "CC916D5A-0644-4423-A52E-D4310906BE78", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:*:x64:*:*:*:*:*", "matchCriteriaId": "95DC297F-06DB-4FB3-BFB6-7312C059E047", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*", "matchCriteriaId": "C162FFF0-1E8F-4DCF-A08F-6C6E324ED878", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "0A0D2704-C058-420B-B368-372D1129E914", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Consent User Interface (UI) in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly handle an unspecified registry-key value, which allows local users with SeImpersonatePrivilege rights to gain privileges via a crafted application, aka \"Consent UI Impersonation Vulnerability.\""}, {"lang": "es", "value": "La Interfaz de Usuario (UI) Consent en Microsoft Windows Vista SP1 y SP2, Windows Server 2008 Gold, SP2 y R2, y Windows 7 no maneja de manera apropiada un valor de clave de registro no espec\u00edfico, lo que permite a los usuarios locales con derechos SeImpersonatePrivilege obtener privilegios por medio de una aplicaci\u00f3n creada, tambi\u00e9n conocida como \"Consent UI Impersonation Vulnerability.\""}], "id": "CVE-2010-3961", "lastModified": "2023-12-07T18:38:56.693", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2010-12-16T19:33:03.287", "references": [{"source": "secure@microsoft.com", "url": "http://osvdb.org/69824"}, {"source": "secure@microsoft.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/42614"}, {"source": "secure@microsoft.com", "url": "http://www.securityfocus.com/bid/45318"}, {"source": "secure@microsoft.com", "url": "http://www.securitytracker.com/id?1024882"}, {"source": "secure@microsoft.com", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA10-348A.html"}, {"source": "secure@microsoft.com", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2010/3222"}, {"source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-100"}, {"source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12323"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}