CVE-2010-4398

HIGH KEV

Microsoft Windows 7 - Out-of-Bounds Write

Title source: rule

Description

Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges, and bypass the User Account Control (UAC) feature, via a crafted REG_BINARY value for a SystemDefaultEUDCFont registry key, aka "Driver Improper Interaction with Windows Kernel Vulnerability."

Exploits (1)

exploitdb WRITEUP VERIFIED

by noobpwnftw · textlocalwindows

https://www.exploit-db.com/exploits/15609

View Code ZIP pw:eip

References (14)

[Exploit, Issue Tracking] http://isc.sans.edu/diary.html?storyid=9988

[Broken Link] http://nakedsecurity.sophos.com/2010/11/25/new-windows-zero-day-flaw-bypasses-uac/

[Broken Link, Vendor Advisory] http://secunia.com/advisories/42356

[Third Party Advisory] http://support.avaya.com/css/P8/documents/100127248

[Not Applicable] http://twitter.com/msftsecresponse/statuses/7590788200402945

[Broken Link, Exploit, Third Party Advisory, VDB Entry] http://www.exploit-db.com/bypassing-uac-with-user-privilege-under-windows-vista7-mirror/

[Exploit, Third Party Advisory, VDB Entry] http://www.exploit-db.com/exploits/15609/

[Third Party Advisory, US Government Resource] http://www.kb.cert.org/vuls/id/529673

[Broken Link, Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/45045

[Broken Link, Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1025046

[Broken Link] http://www.vupen.com/english/advisories/2011/0324

[Patch, Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-011

[Broken Link] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12162

[Third Party Advisory, US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-4398

Scores

CVSS v3 7.8

EPSS 0.0887

EPSS Percentile 92.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2022-03-28

VulnCheck KEV 2016-04-01

InTheWild.io 2022-03-28

ENISA EUVD EUVD-2010-4367

CWE

CWE-787

Status published

Products (6)

microsoft/windows_7

microsoft/windows_server_2003

microsoft/windows_server_2008 (2 CPE variants)

microsoft/windows_server_2008 r2

microsoft/windows_vista (2 CPE variants)

microsoft/windows_xp (2 CPE variants)

Published Dec 06, 2010

KEV Added Mar 28, 2022

Tracked Since Feb 18, 2026