[VIM] CVE-2010-1795 vs CVE-2010-1894
George A. Theall
theall at tenable.com
Wed Jul 27 08:31:24 CDT 2011
On Jan 20, 2011, at 7:01 PM, Steven M. Christey wrote:
> I assume you mean CVE-2010-1735 instead of CVE-2010-1795?
> CVE-2010-1795 is a DLL injection issue in iTunes :)
> I don't know if these are the same or not. CVE-2010-1734 also
> affects win32k.sys with the same results, and it looks like
> win32k.sys has gotten a good deal of attention in the last year or so.
> Time to consult with Microsoft...
Have you heard back from Microsoft about this yet, Steve?
> - Steve
> On Wed, 19 Jan 2011, George A. Theall wrote:
>> Is there a difference between CVE-2010-1795 and CVE-2010-1894? The
>> former is for a local win32k.sys DoS issue reported by Vigil at nce;
>> the latter for an exception handling issue in win32k.sys that can
>> be triggered only by local users and that was addressed by MS10-048.
>> theall at tenablesecurity.com
theall at tenablesecurity.com
More information about the VIM