CVE-2010-4398
Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges, and bypass the User Account Control (UAC) feature, via a crafted REG_BINARY value for a SystemDefaultEUDCFont registry key, aka "Driver Improper Interaction with Windows Kernel Vulnerability."
Published
2010-12-06T13:44:54.863
Last Modified
2025-04-11T00:51:21.963
Status
Deferred
Source
[email protected]
Severity
CVSSv3.1: 7.8 (HIGH)
CVSSv2 Vector
AV:L/AC:L/Au:N/C:C/I:C/A:C
- Access Vector: LOCAL
- Access Complexity: LOW
- Authentication: NONE
- Confidentiality Impact: COMPLETE
- Integrity Impact: COMPLETE
- Availability Impact: COMPLETE
Exploitability Score
3.9
Impact Score
10.0
Weaknesses
- Type: Primary, CWE-787
- Type: Secondary, CWE-787
References
- http://isc.sans.edu/diary.html?storyid=9988
  Exploit, Issue Tracking ([email protected])
- http://nakedsecurity.sophos.com/2010/11/25/new-windows-zero-day-flaw-bypasses-uac/
  Broken Link ([email protected])
- http://secunia.com/advisories/42356
  Broken Link, Vendor Advisory ([email protected])
- http://support.avaya.com/css/P8/documents/100127248
  Third Party Advisory ([email protected])
- http://twitter.com/msftsecresponse/statuses/7590788200402945
  Not Applicable ([email protected])
- http://www.exploit-db.com/bypassing-uac-with-user-privilege-under-windows-vista7-mirror/
  Broken Link, Exploit, Third Party Advisory, VDB Entry ([email protected])
- http://www.exploit-db.com/exploits/15609/
  Exploit, Third Party Advisory, VDB Entry ([email protected])
- http://www.kb.cert.org/vuls/id/529673
  Third Party Advisory, US Government Resource ([email protected])
- http://www.securityfocus.com/bid/45045
  Broken Link, Third Party Advisory, VDB Entry ([email protected])
- http://www.securitytracker.com/id?1025046
  Broken Link, Third Party Advisory, VDB Entry ([email protected])
- http://www.vupen.com/english/advisories/2011/0324
  Broken Link ([email protected])
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-011
  Patch, Vendor Advisory ([email protected])
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12162
  Broken Link ([email protected])
- http://isc.sans.edu/diary.html?storyid=9988
  Exploit, Issue Tracking (af854a3a-2127-422b-91ae-364da2661108)
- http://nakedsecurity.sophos.com/2010/11/25/new-windows-zero-day-flaw-bypasses-uac/
  Broken Link (af854a3a-2127-422b-91ae-364da2661108)
- http://secunia.com/advisories/42356
  Broken Link, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
- http://support.avaya.com/css/P8/documents/100127248
  Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
- http://twitter.com/msftsecresponse/statuses/7590788200402945
  Not Applicable (af854a3a-2127-422b-91ae-364da2661108)
- http://www.exploit-db.com/bypassing-uac-with-user-privilege-under-windows-vista7-mirror/
  Broken Link, Exploit, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
- http://www.exploit-db.com/exploits/15609/
  Exploit, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
- http://www.kb.cert.org/vuls/id/529673
  Third Party Advisory, US Government Resource (af854a3a-2127-422b-91ae-364da2661108)
- http://www.securityfocus.com/bid/45045
  Broken Link, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
- http://www.securitytracker.com/id?1025046
  Broken Link, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
- http://www.vupen.com/english/advisories/2011/0324
  Broken Link (af854a3a-2127-422b-91ae-364da2661108)
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-011
  Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12162
  Broken Link (af854a3a-2127-422b-91ae-364da2661108)