CVE-2010-4398
Vexday Risk Score
71 · High priority
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
CVSS 7.8 · EPSS 8.7% · KEV yes · Public PoC · Nuclei — · Metasploit — · Patch referenced
Lifecycle
24 Nov 2010: Public PoC
03 Dec 2010: Published on NVD
28 Mar 2022: Active exploitation (CISA KEV)
Recommendation: Patch as soon as possible — active exploitation confirmed.
In short
A flaw in Windows kernel code allows a local user to overflow a buffer on the stack by crafting a malicious registry value, leading to privilege escalation and UAC bypass.
Technical detail
Stack-based buffer overflow in RtlQueryRegistryValues (win32k.sys) triggered by specially crafted REG_BINARY values in the SystemDefaultEUDCFont registry key. Requires local access; successful exploitation results in kernel-level code execution, privilege escalation, and UAC circumvention.
Summary generated and translated by AI from the official description.
Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges, and bypass the User Account Control (UAC) feature, via a crafted REG_BINARY value for a SystemDefaultEUDCFont registry key, aka "Driver Improper Interaction with Windows Kernel Vulnerability."
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
Public PoCs found: 3
cve_reference · www.exploit-db.com/bypassing-uac-with-user-privilege-under-windows-vista7-mirror/ · unverified
cve_reference · www.exploit-db.com/exploits/15609/ · unverified
exploitdb · www.exploit-db.com/exploits/15609 · unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://isc.sans.edu/diary.html?storyid=9988
http://nakedsecurity.sophos.com/2010/11/25/new-windows-zero-day-flaw-bypasses-uac/
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-011
http://secunia.com/advisories/42356
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12162
http://support.avaya.com/css/P8/documents/100127248
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-4398
http://twitter.com/msftsecresponse/statuses/7590788200402945
http://www.exploit-db.com/bypassing-uac-with-user-privilege-under-windows-vista7-mirror/
http://www.exploit-db.com/exploits/15609/
http://www.kb.cert.org/vuls/id/529673
http://www.securityfocus.com/bid/45045