CVE-2010-2729

Name of the Vulnerable Software and Affected Versions Microsoft Windows XP SP2 and SP3 Microsoft Windows Server 2003 SP2 Microsoft Windows Vista SP1 and SP2 Microsoft Windows Server 2008 Gold, SP2, and R2 Microsoft Windows 7

Description The issue arises from the Print Spooler service's failure to properly validate spooler access permissions when printer sharing is enabled. This allows remote attackers to create files in a system directory and execute arbitrary code by sending a crafted print request over RPC. The vulnerability has been exploited in the wild. It is caused by insufficient input validation, which could enable a remote attacker to execute arbitrary code. If successfully exploited, an attacker could take complete control of an affected system, install programs, view, change, or delete data, or create new accounts.

Recommendations For Microsoft Windows XP SP2 and SP3, apply the security update from Microsoft to fix the vulnerability. For Microsoft Windows Server 2003 SP2, apply the security update from Microsoft to fix the vulnerability. For Microsoft Windows Vista SP1 and SP2, apply the security update from Microsoft to fix the vulnerability. For Microsoft Windows Server 2008 Gold, SP2, and R2, apply the security update from Microsoft to fix the vulnerability. For Microsoft Windows 7, apply the security update from Microsoft to fix the vulnerability.