Secunia
Login
|
|
CVE Reference: CVE-2010-4398 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2010-4398 |
|
|
Description: Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges, and bypass the User Account Control (UAC) feature, via a crafted REG_BINARY value for a SystemDefaultEUDCFont registry key, aka "Driver Improper Interaction with Windows Kernel Vulnerability." |
|
|
CVE Status: Candidate |
|
|
References: ST 1025046 SAID Secunia Advisory: SA42356 OVAL http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:12162 MS http://www.microsoft.com/technet/security/Bulletin/MS11-011.mspx MISC http://www.exploit-db.com/bypassing-uac-with-user-privilege-under-windows-vista7-mirror/ http://twitter.com/msftsecresponse/statuses/7590788200402945 http://nakedsecurity.sophos.com/2010/11/25/new-windows-zero-day-flaw-bypasses-uac/ http://isc.sans.edu/diary.html?storyid=9988 EXPLOIT-DB http://www.exploit-db.com/exploits/15609/ CONFIRM http://support.avaya.com/css/P8/documents/100127248 CERT-VN 529673 BID 45045 |
|
| Return to the previous page. |
