PT-2010-3375 · Microsoft · Win32K.Sys+1

Published

2010-05-05

Updated

2021-07-07

CVE-2010-1735

CVSS v2.0

4.9

Medium

Vector

AV:L/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Microsoft Windows versions prior to the fixed version

Description The issue allows local users to cause a denial of service, resulting in a system crash. This is achieved by passing a specific value, 0x4c, in the second argument, Msg, of a PostMessage function call for the DDEMLEvent window, leveraging the SfnLOGONNOTIFY function in win32k.sys.

Recommendations For Microsoft Windows 2000, XP, and Server 2003, update to a version that includes the fix for this issue to prevent local users from causing a denial of service.

Exploit

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2010-1735

Affected Products

Windows

Win32K.Sys

PT-2010-3375 · Microsoft · Win32K.Sys+1

CVE-2010-1735

Weakness Enumeration

Related Identifiers

Affected Products

References · 6