Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2010-4398
HistoryDec 06, 2010 - 1:44 p.m.

CVE-2010-4398

2010-12-0613:44:54
CWE-119
[email protected]
web.nvd.nist.gov
861
In Wild
cve-2010-4398
buffer overflow
win32k.sys
microsoft windows
uac bypass
systemdefaulteudcfont
nvd
privilege escalation
windows security
vulnerability

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.8 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.7%

JSON

Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges, and bypass the User Account Control (UAC) feature, via a crafted REG_BINARY value for a SystemDefaultEUDCFont registry key, aka “Driver Improper Interaction with Windows Kernel Vulnerability.”

Affected configurations

NVD
Node
microsoftwindows_2003_server
OR
microsoftwindows_7
OR
microsoftwindows_server_2008itanium
OR
microsoftwindows_server_2008x32
OR
microsoftwindows_server_2008x64
OR
microsoftwindows_server_2008Matchr2itanium
OR
microsoftwindows_server_2008Matchr2x64
OR
microsoftwindows_vista
OR
microsoftwindows_xp

Related

checkpoint_advisories 1
cisa_kev 1
nvd 1
prion 1
cvelist 1
attackerkb 1
canvas 1
openvas 2
nessus 1
fireeye 1
securityvulns 1
checkpoint_advisories
checkpoint_advisories
Microsoft Windows Kernel win32k.sys Privilege Escalation (MS11-011; CVE-2010-4398)
2011-03-18 00:00:00
cisa_kev
cisa_kev
Microsoft Windows Kernel Stack-Based Buffer Overflow Vulnerability
2022-03-28 00:00:00
nvd
nvd
CVE-2010-4398
2010-12-06 13:44:54
prion
prion
Stack overflow
2010-12-06 13:44:00
cvelist
cvelist
CVE-2010-4398
2010-12-03 20:00:00
attackerkb
attackerkb
CVE-2010-4398
2010-12-06 00:00:00
canvas
canvas
Immunity Canvas: MS_ENABLEEUDC
2010-12-06 13:44:00
openvas
openvas
Microsoft Windows Kernel Elevation of Privilege Vulnerability (2393802)
2011-02-09 00:00:00
Microsoft Windows Kernel Elevation of Privilege Vulnerability (2393802)
2011-02-09 00:00:00
nessus
nessus
MS11-011: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2393802)
2011-02-08 00:00:00
fireeye
fireeye
CARBANAK Week Part Two: Continuing the CARBANAK Source Code Analysis
2019-04-23 17:45:00
securityvulns
securityvulns
Microsoft Windows multiple security vulnerabilities
2011-02-14 00:00:00

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.8 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.7%

JSON
Related for CVE-2010-4398
checkpoint_advisories1cisa_kev1nvd1prion1cvelist1attackerkb1canvas1openvas2nessus1fireeye1securityvulns1