CVE-2010-1734

Windows 2000, XP, and Server 2003 - Denial of Service via SfnINSTRING Function

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-1734. PoCs published by MJ0011.

AI-analyzed exploit summary This exploit triggers a local kernel Denial of Service (DoS) in Windows 2000/XP/2003 by sending a crafted message to the DDEMLEvent window, causing a BSOD due to improper handling of the lParam in the SfnINSTRING function.

Description

The SfnINSTRING function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x18d value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window.

Exploits (1)

exploitdb WORKING POC
by MJ0011 · cdoswindows
https://www.exploit-db.com/exploits/12337

This exploit triggers a local kernel Denial of Service (DoS) in Windows 2000/XP/2003 by sending a crafted message to the DDEMLEvent window, causing a BSOD due to improper handling of the lParam in the SfnINSTRING function.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Microsoft Windows 2000/XP/2003 (win32k.sys)
No auth needed
Prerequisites: Local access to the target system · Presence of the DDEMLEvent window
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/39631
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/39456
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/510886/100/0/threaded

Scores

EPSS 0.0266
EPSS Percentile 83.7%

Details

CWE
CWE-20
Status published
Products (4)
microsoft/windows_2000 (10 CPE variants)
microsoft/windows_2003_server (7 CPE variants)
microsoft/windows_server_2003 (3 CPE variants)
microsoft/windows_xp (30 CPE variants)
Published May 06, 2010
Tracked Since Feb 18, 2026