7.8

CVE-2010-4398

Warnung
Exploit
Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges, and bypass the User Account Control (UAC) feature, via a crafted REG_BINARY value for a SystemDefaultEUDCFont registry key, aka "Driver Improper Interaction with Windows Kernel Vulnerability."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftWindows 7 Version-
MicrosoftWindows Server 2003 Version- Updatesp2
MicrosoftWindows Server 2008 Version- Updatesp2
MicrosoftWindows Vista Version- Updatesp1
MicrosoftWindows Vista Version- Updatesp2
MicrosoftWindows Xp Version- Updatesp2 SwEditionprofessional HwPlatformx64
MicrosoftWindows Xp Version- Updatesp3

28.03.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Microsoft Windows Kernel Stack-Based Buffer Overflow Vulnerability

Schwachstelle

Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows allows local users to gain privileges, and bypass the User Account Control (UAC) feature.

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 8.66% 0.944
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

http://isc.sans.edu/diary.html?storyid=9988
Exploit
Issue Tracking
http://nakedsecurity.sophos.com/2010/11/25/new-windows-zero-day-flaw-bypasses-uac/
Broken Link
http://secunia.com/advisories/42356
Vendor Advisory
Broken Link
http://support.avaya.com/css/P8/documents/100127248
Third Party Advisory
http://twitter.com/msftsecresponse/statuses/7590788200402945
Not Applicable
http://www.exploit-db.com/bypassing-uac-with-user-privilege-under-windows-vista7-mirror/
Third Party Advisory
Exploit
Broken Link
VDB Entry
http://www.exploit-db.com/exploits/15609/
Third Party Advisory
Exploit
VDB Entry
http://www.kb.cert.org/vuls/id/529673
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/45045
Third Party Advisory
Broken Link
VDB Entry
http://www.securitytracker.com/id?1025046
Third Party Advisory
Broken Link
VDB Entry
http://www.vupen.com/english/advisories/2011/0324
Broken Link
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-011
Patch
Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12162
Broken Link
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-4398
US Government Resource