Vulnerability Details : CVE-2010-1735
The SfnLOGONNOTIFY function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x4c value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window.
Vulnerability category: Input validationDenial of service
Exploit prediction scoring system (EPSS) score for CVE-2010-1735
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 8 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2010-1735
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.9
|
MEDIUM | AV:L/AC:L/Au:N/C:N/I:N/A:C |
3.9
|
6.9
|
NIST |
CWE ids for CVE-2010-1735
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-1735
-
http://www.securityfocus.com/bid/39630
Microsoft Windows 'SfnLOGONNOTIFY' Local Privilege Escalation VulnerabilityExploit
-
http://vigilance.fr/vulnerability/Windows-denials-of-service-of-win32k-sys-9607
Vigil@nce vulnerability - Windows: denials of service of win32k.sysExploit
-
http://www.securityfocus.com/archive/1/510884/100/0/threaded
SecurityFocus
Products affected by CVE-2010-1735
- cpe:2.3:o:microsoft:windows_2000:*:beta3:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2000:*:rc1:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2000:*:-:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2000:*:rc2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2000:*:gold:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2000:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:sp1:tablet_pc:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:gold:embedded:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:sp2:embedded:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:sp3:x86:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:sp2:media_center:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:sp1:embedded:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:gold:tablet_pc:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:sp1:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:sp1:media_center:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:sp2:x86:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:gold:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:*:x86:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:sp2:professional:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:gold:media_center:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:sp1:professional:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:-:gold:x64:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:sp3:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:sp3:unknown:english:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:-:sp3:professional:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:-:sp2:home:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:-:sp3:tablet_pc:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:-:sp3:media_center:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:-:sp3:home:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:-:gold:64-bit-2002:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:-:sp3:embedded:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:-:sp1:home:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:-:gold:64-bit-2003:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:-:gold:home:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:*:gold:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:*:gold:x64:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:*:gold:itanium:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:*:sp1:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:*:r2:x64:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2003:*:-:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2003:*:sp1:*:*:*:*:*:*