CVE-2010-1891
Severity CVSS v4.0:
Pending analysis
Type:
CWE-264
Permissions, Privileges, and Access Control
Publication date:
15/09/2010
Last modified:
11/04/2025
Description
The Client/Server Runtime Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2, when a Chinese, Japanese, or Korean locale is enabled, does not properly allocate memory for transactions, which allows local users to gain privileges via a crafted application, aka "CSRSS Local Elevation of Privilege Vulnerability."
Impact
Base Score 2.0
6.90
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:* | ||
| cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:* | ||
| cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-069
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7536
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-069
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7536