CVE-2010-4398
CVSS 3.1 Score 7.8 of 10 (high)
Details
Summary
CVE-2010-4398 is a stack-based buffer overflow vulnerability affecting various Microsoft operating systems, including Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7. This issue lies within the RtlQueryRegistryValues function in win32k.sys and permits local users to elevate their privileges and bypass the User Account Control (UAC) feature. The exploitation hinges on a specially crafted REG_BINARY value for the SystemDefaultEUDCFont registry key, which triggers the buffer overflow and allows unauthorized access to system resources.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- Microsoft Windows Server 2008
- Microsoft Windows 7
- Microsoft Windows Vista
- Microsoft Windows Server 2003
- Microsoft Windows XP
Affected Vendors
- Microsoft