CVE-2010-4398

Warnung

Exploit

EPSS 12.71%
Veröffentlicht 06.12.2010 13:44:54
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges, and bypass the User Account Control (UAC) feature, via a crafted REG_BINARY value for a SystemDefaultEUDCFont registry key, aka "Driver Improper Interaction with Windows Kernel Vulnerability."

Betroffene Produkte Warnungen 1 Metriken 4 CWE 1 Referenzen 16

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Microsoft ≫ Windows 7 Version-

Microsoft ≫ Windows Server 2003 Version- Updatesp2

Microsoft ≫ Windows Server 2008 Version-

Microsoft ≫ Windows Server 2008 Version- Updatesp2

Microsoft ≫ Windows Server 2008 Versionr2

Microsoft ≫ Windows Vista Version- Updatesp1

Microsoft ≫ Windows Vista Version- Updatesp2

Microsoft ≫ Windows Xp Version- Updatesp2 SwEditionprofessional HwPlatformx64

Microsoft ≫ Windows Xp Version- Updatesp3

28.03.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Microsoft Windows Kernel Stack-Based Buffer Overflow Vulnerability

Schwachstelle

Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows allows local users to gain privileges, and bypass the User Account Control (UAC) feature.

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	12.71%	0.938

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H