CVE-2010-0235 : The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and V

The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold does not perform the expected validation before creating a symbolic link, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Symbolic Link Value Vulnerability."

Published 2010-04-14 16:00:01

Updated 2025-04-11 00:51:22

Source Microsoft Corporation

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2010-0235

Microsoft » Windows 2000 » Update SP4
cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
Matching versions
Microsoft » Windows Xp » Update SP2
cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Windows Xp » Update SP3
cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*
Matching versions
Microsoft » Windows Xp » Version: N/A Update SP2 X64 Edition
cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*
Matching versions
Microsoft » Windows 2003 Server » Update SP2
cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Windows 2003 Server » Update SP2 Itanium Edition
cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2003 » Update SP2
cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Windows Vista » X64 Edition
cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:*
Matching versions
Microsoft » Windows Vista
cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2010-0235

EPSS FAQ

0.89%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 73 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2010-0235

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
4.7	MEDIUM	AV:L/AC:M/Au:N/C:N/I:N/A:C	3.4	6.9	NIST
Access Vector: Local Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Complete

CWE ids for CVE-2010-0235

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2010-0235

http://www.securitytracker.com/id?1023850

Windows Kernel Flaws Let Local Users Gain Elevated Privileges and Deny Service - SecurityTracker

CVEs referencing this url
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-021

Microsoft Security Bulletin MS10-021 - Important | Microsoft Docs

CVEs referencing this url
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7509

Repository / Oval Repository
http://secunia.com/advisories/39373

Sign in

CVEs referencing this url
http://www.us-cert.gov/cas/techalerts/TA10-103A.html

Alerts | CISA
US Government Resource

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2010-0235

Products affected by CVE-2010-0235

Exploit prediction scoring system (EPSS) score for CVE-2010-0235

CVSS scores for CVE-2010-0235

CWE ids for CVE-2010-0235

References for CVE-2010-0235