The host is installed with Microsoft Windows operating system and is prone to Privilege Escalation Vulnerability. This NVT has been replaced by NVT secpod_ms10-015.nasl (OID:1.3.6.1.4.1.25623.1.0.900740).

Successful exploitation will allow remote attackers to bypass certain security restrictions or can gain escalated privileges via specially crafted attack. Impact Level: System.

No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.

This issue is due to the kernel not properly handling certain exceptions when setting up a VDM (Virtual DOS Machine) context, which allows users to gain kernel privileges by setting up a crafted 'DM_TIB' in their 'TEB' and reach the 'Ki386BiosCallReturnAddress()' function via the '#GP trap handler (nt!KiTrap0D)'.

Microsoft Windows XP Service Pack 3 and prior. Microsoft Windows 2000 Service Pack 4 and prior. Microsoft Windows Server 2003 Service Pack 2 and prior.

• http://foro.elhacker.net/bugs_y_exploits/0day_m_iquestcve20100232-t281831.0.html
• http://isc.sans.org/diary.html?storyid=8050
• http://www.microsoft.com/technet/security/advisory/979682.mspx
• http://www.vupen.com/english/advisories/2010/0179

---

Updated on 2015-03-25