1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. Attack: Windows Spooler Service CVE-2010-2729 3

Attack: Windows Spooler Service CVE-2010-2729 3

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempt to exploit a remote code execution vulnerability in Print Spooler Service

Additional Information

Microsoft Windows is prone to a remote code-execution vulnerability that affects the Print Spooler Service. The Print Spooler Service manages the printing process, including spooling and scheduling print jobs.

Microsoft Windows is prone to a remote code-execution vulnerability because the Print Spooler Service fails to adequately restrict the locations where users have permissions to print to a file.

A remote attacker can exploit this issue to execute code with SYSTEM-level privileges. Local attackers able to submit print jobs can exploit this issue to gain elevated privileges.

NOTE: To exploit this issue, an attacker must have permissions to submit print jobs on the vulnerable system. Guest access to shared print services is enabled by default on Windows XP; later systems will require the attacker to authenticate to the server, or require the server to be configured to allow anonymous access.

Affected

  • windows
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube