CVE-2010-1735

Microsoft Windows 2000, XP, and Server 2003 - Denial of Service via SfnLOGONNOTIFY Function

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-1735.

AI-analyzed exploit summary This exploit triggers a local kernel Denial of Service (DoS) in Windows 2000/XP/2003 by sending a crafted message (0x4c) with invalid parameters to the DDEMLEvent window, causing win32k.sys to dereference an invalid address in SfnLOGONNOTIFY.

Description

The SfnLOGONNOTIFY function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x4c value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window.

Exploits (1)

exploitdb WORKING POC
cdoswindows
https://www.exploit-db.com/exploits/12336

This exploit triggers a local kernel Denial of Service (DoS) in Windows 2000/XP/2003 by sending a crafted message (0x4c) with invalid parameters to the DDEMLEvent window, causing win32k.sys to dereference an invalid address in SfnLOGONNOTIFY.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Microsoft Windows 2000/XP/2003 (win32k.sys)
No auth needed
Prerequisites: Local access to the target system · Presence of the DDEMLEvent window
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (4)

Core 4
Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/39630
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/39456
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/510884/100/0/threaded

Scores

EPSS 0.0249
EPSS Percentile 82.6%

Details

CWE
CWE-20
Status published
Products (4)
microsoft/windows_2000 (10 CPE variants)
microsoft/windows_2003_server (7 CPE variants)
microsoft/windows_server_2003 (3 CPE variants)
microsoft/windows_xp (30 CPE variants)
Published May 06, 2010
Tracked Since Feb 18, 2026