CVE-2010-3939

Name of the Vulnerable Software and Affected Versions Windows XP versions SP2 through SP3 Windows Server 2003 version SP2 Windows Vista versions SP1 through SP2 Windows Server 2008 versions Gold through SP2 and R2 Windows 7 (affected versions not specified)

Description The issue is related to improper memory allocation for copies from user mode, allowing local users to gain privileges. An elevation of privilege vulnerability exists in the way that Windows kernel-mode drivers improperly allocate memory when copying data from user mode. An attacker who successfully exploited this issue could run arbitrary code in kernel mode, potentially installing programs, viewing, changing, or deleting data, or creating new accounts with full user rights.

Recommendations For Windows XP versions SP2 through SP3, update to a version that includes the fix for this issue. For Windows Server 2003 version SP2, apply the recommended patch to resolve the issue. For Windows Vista versions SP1 through SP2, install the update that addresses the kernel-mode driver memory allocation vulnerability. For Windows Server 2008 versions Gold through SP2 and R2, apply the necessary security update to fix the issue. For Windows 7, at the moment, there is no information about a newer version that contains a fix for this vulnerability.