Vulnerability Details : CVE-2010-4398
Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges, and bypass the User Account Control (UAC) feature, via a crafted REG_BINARY value for a SystemDefaultEUDCFont registry key, aka "Driver Improper Interaction with Windows Kernel Vulnerability."
Vulnerability category: Overflow
CVE-2010-4398 is in the CISA Known Exploited Vulnerabilities Catalog
CISA vulnerability name: Microsoft Windows Kernel Stack-Based Buffer Overflow Vulnerability
CISA required action: Apply updates per vendor instructions.
CISA description: Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows allows local users to gain privileges, and bypass the User Account Control (UAC) feature.
Added on: 2022-03-28
Action due date: 2022-04-21
Exploit prediction scoring system (EPSS) score for CVE-2010-4398
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~8%
CVSS scores for CVE-2010-4398
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C | 3.9 | 10.0 | NIST |
CWE ids for CVE-2010-4398
- The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-4398
- http://www.exploit-db.com/exploits/15609/
  Microsoft Windows Vista/7 - Local Privilege Escalation (UAC Bypass) - Windows local Exploit [Exploit]
- http://www.kb.cert.org/vuls/id/529673
  VU#529673 - Microsoft Windows RtlQueryRegistryValues() does not adequately validate registry data [US Government Resource]
- http://www.securityfocus.com/bid/45045
  Microsoft Windows User Access Control (UAC) Bypass Local Privilege Escalation Vulnerability
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12162
  Repository / Oval Repository
- http://nakedsecurity.sophos.com/2010/11/25/new-windows-zero-day-flaw-bypasses-uac/
  New Windows zero-day flaw bypasses UAC – Naked Security
- http://www.securitytracker.com/id?1025046
  Windows Kernel Lets Local Users Gain Elevated Privileges - SecurityTracker
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-011
  Microsoft Security Bulletin MS11-011 - Important | Microsoft Docs
- http://twitter.com/msftsecresponse/statuses/7590788200402945
  Security Response on Twitter: "We're investigating public PoC for a local EoP vuln requiring an account on the target system"
- http://www.vupen.com/english/advisories/2011/0324
- http://isc.sans.edu/diary.html?storyid=9988
  InfoSec Handlers Diary Blog - Privilege escalation 0-day in almost all Windows versions
- http://support.avaya.com/css/P8/documents/100127248
  ASA-2011-031 (2393802)
- http://www.exploit-db.com/bypassing-uac-with-user-privilege-under-windows-vista7-mirror/
  [Exploit]
Products affected by CVE-2010-4398
- cpe:2.3:o:microsoft:windows_xp:*:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:*:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:r2:*:x64:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:r2:*:itanium:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_7:*:*:*:*:*:*:*:*