Vulnerabilities > CVE-2010-4502 - Numeric Errors vulnerability in CA Internet Security Suite Plus 2010

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

CWE-189

exploit available

NVD

Published: 2010-12-08

Updated: 2010-12-09

Summary

Integer overflow in KmxSbx.sys 6.2.0.22 in CA Internet Security Suite Plus 2010 allows local users to cause a denial of service (pool corruption) and execute arbitrary code via crafted arguments to the 0x88000080 IOCTL, which triggers a buffer overflow.

Vulnerable Configurations

Part	Description	Count
Application	Ca CA Internet Security Suite Plus 2010 *	1

Common Weakness Enumeration (CWE)

CWE-189 - Numeric Errors

Exploit-Db

description	CA Internet Security Suite 2010 - KmxSbx.sys Kernel Pool Overflow (0day). CVE-2010-4502. Local exploit for windows platform
file	exploits/windows/local/15624.txt
id	EDB-ID:15624
last seen	2016-02-01
modified	2010-11-28
platform	windows
port
published	2010-11-28
reporter	Nikita Tarakanov
source	https://www.exploit-db.com/download/15624/
title	CA Internet Security Suite 2010 - KmxSbx.sys Kernel Pool Overflow 0day
type	local

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Exploit-Db

References