Zero-day vulnerability in Windows
Privilege escalation
CVE-2010-3338
The vulnerability was used by Stuxnet.
W32.Stuxnet TDL-4 rootkit (TDSS) Trojan.Generic.KDV.128306
Vulnerability details
Advisory: SB2010121402 - Privilege escalation in Windows Task Scheduler
Vulnerable component: Windows
CVE-ID: CVE-2010-3338
CVSSv3 score: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
Description:
The vulnerability allows a local user obtain elevated privileges on vulnerable system.
The vulnerability exists in Windows Task Scheduler when running scheduled tasks within the intended security context. A local user can create a specially crafted task and execute arbitrary code on vulnerable system with privileges of the local system account.
Successful exploitation of this vulnerability may allow a local user to obtain full access to vulnerable system.
Note: this vulnerability is being actively exploited.
Public Exploits:
- Microsoft Windows - Task Scheduler Privilege Escalation [Exploit-DB]
- Microsoft Windows - Task Scheduler .XML Privilege Escalation (MS10-092) (Metasploit) [Exploit-DB]
External links:
https://technet.microsoft.com/library/security/ms10-092
http://news.softpedia.com/news/Fake-YouTube-Pages-Serve-Trojan-via-Malicious-Java-Applets-186033.sht...
https://securelist.com/analysis/monthly-malware-statistics/36338/monthly-malware-statistics-december...
https://hotforsecurity.bitdefender.com/blog/java-badware-posing-as-youtube-plugin-1025.html