CVE-2010-4398
Microsoft Windows Kernel Stack-Based Buffer Overflow Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits: 4
Exploited in Wild: Yes
Decision
Descriptions
Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges, and bypass the User Account Control (UAC) feature, via a crafted REG_BINARY value for a SystemDefaultEUDCFont registry key, aka "Driver Improper Interaction with Windows Kernel Vulnerability."
Stack-based buffer overflow in the RtlQueryRegistryValues function of win32k.sys in Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008 through R2, and Windows 7. It allows local users to escalate privileges and bypass "User Account Control" (UAC) via a modified REG_BINARY value of the SystemDefaultEUDCFont registry key.
Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows allows local users to gain privileges, and bypass the User Account Control (UAC) feature.
CVSS Scores
SSVC
- Decision: -
Timeline
- 2010-11-24 First Exploit
- 2010-12-03 CVE Reserved
- 2010-12-03 CVE Published
- 2022-03-28 Exploited in Wild
- 2022-04-21 KEV Due Date
- 2024-07-26 EPSS Updated
- 2024-08-07 CVE Updated
CWE
- CWE-787: Out-of-bounds Write
CAPEC
References (14)
URL | Tag | Source |
---|---|---|
http://nakedsecurity.sophos.com/2010/11/25/new-windows-zero-day-flaw-bypasses-uac | Broken Link | |
http://support.avaya.com/css/P8/documents/100127248 | Third Party Advisory | |
http://twitter.com/msftsecresponse/statuses/7590788200402945 | Not Applicable | |
http://www.kb.cert.org/vuls/id/529673 | Third Party Advisory | |
http://www.securityfocus.com/bid/45045 | Broken Link | |
http://www.securitytracker.com/id?1025046 | Broken Link | |
http://www.vupen.com/english/advisories/2011/0324 | Broken Link | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12162 | Broken Link |
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/15609 | 2010-11-24 | |
http://isc.sans.edu/diary.html?storyid=9988 | 2024-08-07 | |
http://www.exploit-db.com/bypassing-uac-with-user-privilege-under-windows-vista7-mirror | 2024-08-07 | |
http://www.exploit-db.com/exploits/15609 | 2024-08-07 |
URL | Date | SRC |
---|---|---|
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-011 | 2024-07-09 |
URL | Date | SRC |
---|---|---|
http://secunia.com/advisories/42356 | 2024-07-09 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Microsoft | Windows 7 | - | - | Affected |
Microsoft | Windows Server 2003 | - | sp2 | Affected |
Microsoft | Windows Server 2008 | - | - | Affected |
Microsoft | Windows Server 2008 | - | sp2 | Affected |
Microsoft | Windows Server 2008 | r2 | - | Affected |
Microsoft | Windows Vista | - | sp1 | Affected |
Microsoft | Windows Vista | - | sp2 | Affected |
Microsoft | Windows XP | - | sp2, professional, x64 | Affected |
Microsoft | Windows XP | - | sp3 | Affected |