CVE-2010-4398
HIGH
CISA KEV
Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges, and bypass the User Account Control (UAC) feature, via a crafted REG_BINARY value for a SystemDefaultEUDCFont registry key, aka "Driver Improper Interaction with Windows Kernel Vulnerability."
Published: Dec 6, 2010
Modified: Apr 21, 2026
CWE-787
CVSS Metrics
CVSSv3
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products (9)
| Vendor | Product | Version |
|---|---|---|
| microsoft | windows_7 | - |
| microsoft | windows_server_2003 | - |
| microsoft | windows_server_2008 | - |
| microsoft | windows_server_2008 | - |
| microsoft | windows_server_2008 | r2 |
| microsoft | windows_vista | - |
| microsoft | windows_vista | - |
| microsoft | windows_xp | - |
| microsoft | windows_xp | - |
GitHub Security Advisory GHSA-v6fx-3qcr-2mfg
Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft...
References (27)
- http://isc.sans.edu/diary.html?storyid=9988 Exploit, Issue Tracking
- http://nakedsecurity.sophos.com/2010/11/25/new-windows-zero-day-flaw-bypasses-uac/ Broken Link
- http://secunia.com/advisories/42356 Broken Link, Vendor Advisory
- http://support.avaya.com/css/P8/documents/100127248 Third Party Advisory
- http://twitter.com/msftsecresponse/statuses/7590788200402945 Not Applicable
- http://www.exploit-db.com/bypassing-uac-with-user-privilege-under-windows-vista7-mirror/ Broken Link, Exploit, Third Party Advisory, VDB Entry
- http://www.exploit-db.com/exploits/15609/ Exploit, Third Party Advisory, VDB Entry
- http://www.kb.cert.org/vuls/id/529673 Third Party Advisory, US Government Resource
- http://www.securityfocus.com/bid/45045 Broken Link, Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id?1025046 Broken Link, Third Party Advisory, VDB Entry
- http://www.vupen.com/english/advisories/2011/0324 Broken Link
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-011 Patch, Vendor Advisory
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12162 Broken Link
Risk Scores
CVSS Score: 7.8 / 10
EPSS Score: 7.75% (top 8% most likely to be exploited)
Threat Score: 63.5 / 100
CISA Known Exploited
Date Added: 2022-03-28
Due Date: 2022-04-21
Required Action: Apply updates per vendor instructions.
Data Sources
NVD
CISA KEV
EPSS
GitHub