[VIM] CVE-2010-1795 vs CVE-2010-1894

Steven M. Christey coley at rcf-smtp.mitre.org
Thu Jan 20 18:01:50 CST 2011


I assume you mean CVE-2010-1735 instead of CVE-2010-1795?  CVE-2010-1795 
is a DLL injection issue in iTunes :)

I don't know if these are the same or not.  CVE-2010-1734 also affects 
win32k.sys with the same results, and it looks like win32k.sys has gotten 
a good deal of attention in the last year or so.

Time to consult with Microsoft...

- Steve

On Wed, 19 Jan 2011, George A. Theall wrote:

> Is there a difference between CVE-2010-1795 and CVE-2010-1894? The former is 
> for a local win32k.sys DoS issue reported by Vigil at nce; the latter for an 
> exception handling issue in win32k.sys that can be triggered only by local 
> users and that was addressed by MS10-048.
> George
> -- 
> theall at tenablesecurity.com

More information about the VIM mailing list