[VIM] CVE-2010-1795 vs CVE-2010-1894
Carsten Eiram
che at secunia.com
Wed Jul 27 08:41:18 CDT 2011
Just noticed this thread and decided to consult our internal comments. I can see that I was in dialogue with Microsoft back in 2010 concerning this as our analysis indicated that CVE-2010-1735 and CVE-2010-1894 covered the same vulnerability. Microsoft confirmed this to be the case.
cheers,
/Carsten
--
Med venlig hilsen / Kind regards
Carsten H. Eiram
Chief Security Specialist
Follow us on twitter
http://twitter.com/secunia
http://twitter.com/carsteneiram
Secunia
Mikado House
Rued Langgaardsvej 8
2300 Copenhagen S
Denmark
Phone +45 7020 5144
Fax +45 7020 5145
> -----Original Message-----
> From: vim-bounces at attrition.org [mailto:vim-bounces at attrition.org] On
> Behalf Of George A. Theall
> Sent: 27. juli 2011 15:31
> To: Vulnerability Information Managers
> Subject: Re: [VIM] CVE-2010-1795 vs CVE-2010-1894
>
>
> On Jan 20, 2011, at 7:01 PM, Steven M. Christey wrote:
>
> >
> > George,
> >
> > I assume you mean CVE-2010-1735 instead of CVE-2010-1795?
> > CVE-2010-1795 is a DLL injection issue in iTunes :)
> >
> > I don't know if these are the same or not. CVE-2010-1734 also affects
> > win32k.sys with the same results, and it looks like win32k.sys has
> > gotten a good deal of attention in the last year or so.
> >
> > Time to consult with Microsoft...
>
> Have you heard back from Microsoft about this yet, Steve?
>
> > - Steve
> >
> >
> > On Wed, 19 Jan 2011, George A. Theall wrote:
> >
> >> Is there a difference between CVE-2010-1795 and CVE-2010-1894? The
> >> former is for a local win32k.sys DoS issue reported by Vigil at nce; the
> >> latter for an exception handling issue in win32k.sys that can be
> >> triggered only by local users and that was addressed by MS10-048.
> >>
> >> George
> >> --
> >> theall at tenablesecurity.com
> >>
> >>
> >>
> >
>
> George
> --
> theall at tenablesecurity.com
>
>
More information about the VIM
mailing list