CVE-2010-2793

Race condition in the SPICE (aka spice-activex) plug-in for Internet Explorer in Red Hat Enterprise Virtualization (RHEV) Manager before 2.2.4 allows local users to create a certain named pipe, and consequently gain privileges, via vectors involving knowledge of the name of this named pipe, in conjunction with use of the ImpersonateNamedPipeClient function.
Race Condition
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 45%
VendorProductVersion
redhatspice-activex
-
redhatenterprise_virtualization_manager
𝑥
≤ 2.2.3
redhatenterprise_virtualization_manager
2.1
redhatenterprise_virtualization_manager
2.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://securitytracker.com/id?1024825
http://www.securityfocus.com/bid/45213
https://bugzilla.redhat.com/show_bug.cgi?id=620355
https://rhn.redhat.com/errata/RHSA-2010-0818.html
http://securitytracker.com/id?1024825
http://www.securityfocus.com/bid/45213
https://bugzilla.redhat.com/show_bug.cgi?id=620355
https://rhn.redhat.com/errata/RHSA-2010-0818.html