CVE-2010-2555

Name of the Vulnerable Software and Affected Versions Microsoft Windows Vista versions SP1 through SP2 Microsoft Windows Server 2008 versions Gold through SP2 and R2 Microsoft Windows 7 (affected versions not specified)

Description The issue arises from the Tracing Feature for Services not properly determining the length of strings in the registry. This allows local users to gain privileges or cause a denial of service through memory corruption by using a long string. An elevation of privilege vulnerability exists due to the way the Tracing Feature for Services allocates memory when processing specially crafted long strings from the registry. An attacker who successfully exploits this could run arbitrary code with system-level privileges, enabling them to install programs, view, change, or delete data, or create new accounts with full user rights.

Recommendations For Microsoft Windows Vista versions SP1 through SP2, update to a version that includes the fix for the Tracing Memory Corruption Vulnerability. For Microsoft Windows Server 2008 versions Gold through SP2 and R2, apply the necessary patch to resolve the elevation of privilege vulnerability. For Microsoft Windows 7, at the moment, there is no information about a newer version that contains a fix for this vulnerability.