PT-2010-3518 · Microsoft · Windows XP +2
Matthieu Suiche · Published 2010-08-11 · Updated 2019-02-26 · CVE-2010-1895
CVSS v2.0: 7.2 (High)
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Microsoft Windows XP versions SP2 through SP3
Microsoft Windows Server 2003 version SP2
Description
The issue arises from improper memory allocation by Windows kernel-mode drivers when copying data from user mode to kernel mode. This allows local users to potentially gain privileges through a crafted application. An attacker who successfully exploits this vulnerability could run arbitrary code in kernel mode, enabling them to install programs, view, change, or delete data, or create new accounts with full user rights.
Recommendations
For Microsoft Windows XP versions SP2 through SP3, update to a version that properly allocates memory when copying from user mode to prevent exploitation.
For Microsoft Windows Server 2003 version SP2, apply the necessary patch to fix the memory allocation issue in kernel-mode drivers.
Fix
Weakness Enumeration
Related Identifiers
Affected Products
Windows
Windows Server 2003
Windows XP