Vulnerability Description
Race condition in the SPICE (aka spice-activex) plug-in for Internet Explorer in Red Hat Enterprise Virtualization (RHEV) Manager before 2.2.4 allows local users to create a certain named pipe, and consequently gain privileges, via vectors involving knowledge of the name of this named pipe, in conjunction with use of the ImpersonateNamedPipeClient function.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Spice-Activex | - |
| Redhat | Enterprise Virtualization Manager | <= 2.2.3 |
Related Weaknesses (CWE)
References
- http://securitytracker.com/id?1024825
- http://www.securityfocus.com/bid/45213
- https://bugzilla.redhat.com/show_bug.cgi?id=620355
- https://rhn.redhat.com/errata/RHSA-2010-0818.html
- http://securitytracker.com/id?1024825
- http://www.securityfocus.com/bid/45213
- https://bugzilla.redhat.com/show_bug.cgi?id=620355
- https://rhn.redhat.com/errata/RHSA-2010-0818.html
FAQ
What is CVE-2010-2793?
CVE-2010-2793 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Race condition in the SPICE (aka spice-activex) plug-in for Internet Explorer in Red Hat Enterprise Virtualization (RHEV) Manager before 2.2.4 allows local users to create a certain named pipe, and co...
How severe is CVE-2010-2793?
CVE-2010-2793 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-2793?
Check the references section above for vendor advisories and patch information. Affected products include: Redhat Spice-Activex, Redhat Enterprise Virtualization Manager.