CVE-2010-4398


CVSS 7.8 HIGH · EPSS 8.7% · KEV · CWE-787
In short

A flaw in Windows kernel code allows a local user to overflow a buffer on the stack by crafting a malicious registry value, leading to privilege escalation and UAC bypass.

Technical detail

Stack-based buffer overflow in RtlQueryRegistryValues (win32k.sys) triggered by specially crafted REG_BINARY values in the SystemDefaultEUDCFont registry key. Requires local access; successful exploitation results in kernel-level code execution, privilege escalation, and UAC circumvention.

Summary generated and translated by AI from the official description.
Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges, and bypass the User Account Control (UAC) feature, via a crafted REG_BINARY value for a SystemDefaultEUDCFont registry key, aka "Driver Improper Interaction with Windows Kernel Vulnerability."
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a