First published: Wed Apr 14 2010(Updated: )
The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold does not perform the expected validation before creating a symbolic link, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Symbolic Link Value Vulnerability."
Credit: secure@microsoft.com
Affected Software | Affected Version | How to fix |
---|---|---|
Microsoft Windows 2000 | =sp4 | |
Microsoft Windows XP | =sp2 | |
Microsoft Windows XP | =sp2 | |
Microsoft Windows XP | =sp3 | |
Microsoft Windows Server | =sp2 | |
Microsoft Windows Server 2003 | =sp2 | |
Microsoft Windows Server 2003 | =sp2 | |
Microsoft Windows Vista | ||
Microsoft Windows Vista |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2010-0235 has a severity rating that can lead to local denial of service attacks.
To mitigate CVE-2010-0235, it is recommended to apply the latest security updates provided by Microsoft for the affected versions.
CVE-2010-0235 affects Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, and Windows Vista.
CVE-2010-0235 enables a local user to execute a denial of service attack resulting in system reboot.
Yes, Microsoft released patches to address the vulnerability in CVE-2010-0235 which should be applied promptly.