CVE-2010-1734

Microsoft Windows 2000 - Improper Input Validation

Description

The SfnINSTRING function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x18d value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window.

Exploits (1)

exploitdb WORKING POC
by MJ0011 · cdoswindows
https://www.exploit-db.com/exploits/12337

Scores

EPSS 0.0080
EPSS Percentile 74.2%

Details

CWE CWE-20
Status published
Products (4)
microsoft/windows_2000 (10 CPE variants)
microsoft/windows_2003_server (7 CPE variants)
microsoft/windows_server_2003 (3 CPE variants)
microsoft/windows_xp (30 CPE variants)
Published May 06, 2010
Tracked Since Feb 18, 2026