CVE-2010-2793

Race condition in the SPICE (aka spice-activex) plug-in for Internet Explorer in Red Hat Enterprise Virtualization (RHEV) Manager before 2.2.4 allows local users to create a certain named pipe, and consequently gain privileges, via vectors involving knowledge of the name of this named pipe, in conjunction with use of the ImpersonateNamedPipeClient function.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:redhat:spice-activex:-:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_virtualization_manager:*:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_virtualization_manager:2.1:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_virtualization_manager:2.2:*:*:*:*:*:*:*

History

21 Nov 2024, 01:17

Type Values Removed Values Added
References () http://securitytracker.com/id?1024825 - () http://securitytracker.com/id?1024825 -
References () http://www.securityfocus.com/bid/45213 - () http://www.securityfocus.com/bid/45213 -
References () https://bugzilla.redhat.com/show_bug.cgi?id=620355 - () https://bugzilla.redhat.com/show_bug.cgi?id=620355 -
References () https://rhn.redhat.com/errata/RHSA-2010-0818.html - () https://rhn.redhat.com/errata/RHSA-2010-0818.html -

Information

Published : 2010-12-08 18:00

Updated : 2024-11-21 01:17


NVD link : CVE-2010-2793

Mitre link : CVE-2010-2793

CVE.ORG link : CVE-2010-2793


JSON object : View

Products Affected

redhat

  • enterprise_virtualization_manager
  • spice-activex
CWE
CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')