CVE-2010-4398

Vulnerability Description

Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges, and bypass the User Account Control (UAC) feature, via a crafted REG_BINARY value for a SystemDefaultEUDCFont registry key, aka "Driver Improper Interaction with Windows Kernel Vulnerability."

CVSS Score

Affected Products

Related Weaknesses (CWE)

References

• http://isc.sans.edu/diary.html?storyid=9988ExploitIssue Tracking
• http://nakedsecurity.sophos.com/2010/11/25/new-windows-zero-day-flaw-bypasses-uaBroken Link
• http://secunia.com/advisories/42356Broken LinkVendor Advisory
• http://support.avaya.com/css/P8/documents/100127248Third Party Advisory
• http://twitter.com/msftsecresponse/statuses/7590788200402945Not Applicable
• http://www.exploit-db.com/bypassing-uac-with-user-privilege-under-windows-vista7Broken LinkExploitThird Party Advisory
• http://www.exploit-db.com/exploits/15609/ExploitThird Party AdvisoryVDB Entry
• http://www.kb.cert.org/vuls/id/529673Third Party AdvisoryUS Government Resource
• http://www.securityfocus.com/bid/45045Broken LinkThird Party AdvisoryVDB Entry
• http://www.securitytracker.com/id?1025046Broken LinkThird Party AdvisoryVDB Entry
• http://www.vupen.com/english/advisories/2011/0324Broken Link
• https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-01PatchVendor Advisory
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Broken Link
• http://isc.sans.edu/diary.html?storyid=9988ExploitIssue Tracking
• http://nakedsecurity.sophos.com/2010/11/25/new-windows-zero-day-flaw-bypasses-uaBroken Link