CVE-2010-1735

Description

The SfnLOGONNOTIFY function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x4c value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window.

Related CPE's

omicrosoftwindows_2003_server*gold******

omicrosoftwindows_xp-sp2home*****

omicrosoftwindows_xp-sp3******

omicrosoftwindows_2000*gold******

omicrosoftwindows_xp-gold64-bit-2002*****

omicrosoftwindows_xp*goldtablet_pc*****

omicrosoftwindows_xp-goldhome*****

omicrosoftwindows_xp*sp2******

omicrosoftwindows_xp**x86*****

omicrosoftwindows_xpsp3unknownenglish*****

References

39456

Vendor Advisory

39630

Exploit

http://vigilance.fr/vulnerability/Windows-denials-of-service-of-win32k-sys-9607

Exploit

20100422 Windows 2000/XP/2003 win32k.sys SfnLOGONNOTIFY local kernel Denial of Service Vulnerability

CvssV3 impact

Could not find any metrics

CvssV2 impact

Version

2.0

VectorString

AV:L/AC:L/Au:N/C:N/I:N/A:C

AccessVector

LOCAL

AccessComplexity

LOW

Authentication

NONE

ConfidentialityImpact

NONE

IntegrityImpact

NONE

AvailabilityImpact

COMPLETE

BaseScore

4.900000095367432

Created by Yello
About Severity.io