CVE-2010-1894

Windows XP SP2-SP3 and Windows Server 2003 SP2 - Privilege Escalation via Win32k Exception Handling

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2010-1894. PoCs published by MJ0011.

AI-analyzed exploit summary This exploit targets a local privilege escalation vulnerability in Microsoft Windows by sending a crafted message to the DDEMLEvent window, potentially causing a denial-of-service condition. It leverages the Win32k.sys SfnLOGONNOTIFY vulnerability to execute arbitrary code with kernel-level privileges.

Description

The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, do not properly handle unspecified exceptions, which allows local users to gain privileges via a crafted application, aka "Win32k Exception Handling Vulnerability."

Exploits (2)

exploitdb WORKING POC

by MJ0011 · cdoswindows

https://www.exploit-db.com/exploits/14611

View Code ZIP pw:eip

This exploit targets a local privilege escalation vulnerability in Microsoft Windows by sending a crafted message to the DDEMLEvent window, potentially causing a denial-of-service condition. It leverages the Win32k.sys SfnLOGONNOTIFY vulnerability to execute arbitrary code with kernel-level privileges.

Classification

Working Poc 90%

Attack Type

Lpe

Complexity

Trivial

Reliability

Racy

Target: Microsoft Windows 2000, Windows XP, Windows 2003

No auth needed

Prerequisites: Local access to the target system

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC

by MJ0011 · cdoswindows

https://www.exploit-db.com/exploits/12336

View Code ZIP pw:eip

This exploit demonstrates a local kernel Denial of Service (DoS) vulnerability in Windows 2000/XP/2003 by sending a crafted message (0x4c) with invalid parameters to the DDEMLEvent window, triggering a BSOD due to improper handling in the SfnLOGONNOTIFY function within win32k.sys.

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Microsoft Windows 2000/XP/2003 (win32k.sys)

No auth needed

Prerequisites: Local access to the target system · Presence of the DDEMLEvent window

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (3)

Core 3

Core References

US Government Resource third-party-advisory x_refsource_cert

http://www.us-cert.gov/cas/techalerts/TA10-222A.html

Vendor Advisory vendor-advisory x_refsource_ms

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-048

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11769

Scores

EPSS 0.0296

EPSS Percentile 85.4%

Details

CWE

CWE-264

Status published

Products (3)

microsoft/windows_2003_server (2 CPE variants)

microsoft/windows_server_2003

microsoft/windows_xp (2 CPE variants)

Published Aug 11, 2010

Tracked Since Feb 18, 2026