CVE-2010-1887

Microsoft Windows 2003 Server - Improper Input Validation

Title source: rule

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-1887. PoCs published by Tavis Ormandy.

AI-analyzed exploit summary This exploit demonstrates a vulnerability in Microsoft Windows win32k!GreStretchBltInternal() where a synchronization error occurs when src == dest, leading to a bugcheck or potential arbitrary kernel code execution. The provided code triggers the vulnerability using BitBlt() with CAPTUREBLT | SRCCOPY.

Description

The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly validate an unspecified system-call argument, which allows local users to cause a denial of service (system hang) via a crafted application, aka "Win32k Bounds Checking Vulnerability."

Exploits (1)

exploitdb WORKING POC VERIFIED

by Tavis Ormandy · textdoswindows

https://www.exploit-db.com/exploits/14669

View Code ZIP pw:eip

This exploit demonstrates a vulnerability in Microsoft Windows win32k!GreStretchBltInternal() where a synchronization error occurs when src == dest, leading to a bugcheck or potential arbitrary kernel code execution. The provided code triggers the vulnerability using BitBlt() with CAPTUREBLT | SRCCOPY.

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Microsoft Windows 7

No auth needed

Prerequisites: Unprivileged user access to a Windows 7 system

MITRE ATT&CK

T1499.004 - Application or System Exploitation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11020

Vendor Advisory vendor-advisory x_refsource_ms

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-048

Scores

EPSS 0.0196

EPSS Percentile 77.7%

Details

CWE

CWE-20

Status published

Products (6)

microsoft/windows_2003_server (2 CPE variants)

microsoft/windows_7 (2 CPE variants)

microsoft/windows_server_2003

microsoft/windows_server_2008 (8 CPE variants)

microsoft/windows_vista (3 CPE variants)

microsoft/windows_xp (2 CPE variants)

Published Aug 11, 2010

Tracked Since Feb 18, 2026