Vulnerability Details : CVE-2010-3960
Hyper-V in Microsoft Windows Server 2008 Gold, SP2, and R2 allows guest OS users to cause a denial of service (host OS hang) by sending a crafted encapsulated packet over the VMBus, aka "Hyper-V VMBus Vulnerability."
Vulnerability category: Input validationDenial of service
Exploit prediction scoring system (EPSS) score for CVE-2010-3960
Probability of exploitation activity in the next 30 days: 0.07%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 30 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2010-3960
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.9
|
MEDIUM | AV:L/AC:L/Au:N/C:N/I:N/A:C |
3.9
|
6.9
|
NIST |
CWE ids for CVE-2010-3960
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-3960
-
http://www.vupen.com/english/advisories/2010/3224
Webmail | OVH- OVHVendor Advisory
-
http://www.securitytracker.com/id?1024884
Microsoft Hyper-V Input Validation Flaw Lets Local Guest Operating System Users Deny Service - SecurityTracker
-
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-102
Microsoft Security Bulletin MS10-102 - Important | Microsoft Docs
-
http://www.us-cert.gov/cas/techalerts/TA10-348A.html
Microsoft Updates for Multiple Vulnerabilities | CISAUS Government Resource
-
http://www.securityfocus.com/bid/45293
Microsoft Hyper-V VMBus Denial of Service Vulnerability
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12359
Repository / Oval Repository
Products affected by CVE-2010-3960
- cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x64:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:r2:*:x64:*:*:*:*:*