CVE-2010-2793

Race condition in the SPICE (aka spice-activex) plug-in for Internet Explorer in Red Hat Enterprise Virtualization (RHEV) Manager before 2.2.4 allows local users to create a certain named pipe, and consequently gain privileges, via vectors involving knowledge of the name of this named pipe, in conjunction with use of the ImpersonateNamedPipeClient function.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:redhat:spice-activex:-:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_virtualization_manager:*:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_virtualization_manager:2.1:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_virtualization_manager:2.2:*:*:*:*:*:*:*

History

No history.

Information

Published : 2010-12-08 18:00

Updated : 2024-02-04 17:54


NVD link : CVE-2010-2793

Mitre link : CVE-2010-2793

CVE.ORG link : CVE-2010-2793


JSON object : View

Products Affected

redhat

  • enterprise_virtualization_manager
  • spice-activex
CWE
CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')