CVE-2010-1735

Microsoft Windows 2000 - Improper Input Validation

Title source: rule

Description

The SfnLOGONNOTIFY function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x4c value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window.

Exploits (1)

exploitdb WORKING POC

cdoswindows

https://www.exploit-db.com/exploits/12336

View Code ZIP pw:eip

References (4)

[Vendor Advisory] http://secunia.com/advisories/39456

[Exploit] http://vigilance.fr/vulnerability/Windows-denials-of-service-of-win32k-sys-9607

[Exploit] http://www.securityfocus.com/bid/39630

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/510884/100/0/threaded

Scores

EPSS 0.0088

EPSS Percentile 75.4%

Details

CWE

CWE-20

Status published

Products (4)

microsoft/windows_2000 (10 CPE variants)

microsoft/windows_2003_server (7 CPE variants)

microsoft/windows_server_2003 (3 CPE variants)

microsoft/windows_xp (30 CPE variants)

Published May 06, 2010

Tracked Since Feb 18, 2026