CVE-2010-2554

Published: Aug 11, 2010Modified: Apr 29, 2026

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

The Tracing Feature for Services in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 has incorrect ACLs on its registry keys, which allows local users to gain privileges via vectors involving a named pipe and impersonation, aka "Tracing Registry Key ACL Vulnerability."

Affected (13)

Products: Microsoft: Windows 7, Windows Server 2008, Windows Vista

3 products

Configuration A

13 vulnerable

Vulnerable Software	Affected Versions
Microsoft Windows 7	All versions
Microsoft Windows Server 2008	All versions
Microsoft Windows Server 2008	All versions
Microsoft Windows Server 2008	All versions
Microsoft Windows Server 2008	All versions
Microsoft Windows Server 2008	All versions
Microsoft Windows Server 2008	All versions
Microsoft Windows Server 2008	All versions
Microsoft Windows Server 2008	All versions
Microsoft Windows Vista	All versions
Microsoft Windows Vista	All versions
Microsoft Windows Vista	All versions
Microsoft Windows Vista	All versions

Related CWEs

CWE-264

References (4)

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-059

Source: secure@microsoft.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12082

Source: secure@microsoft.com

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-059

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12082

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.