CVE-2010-4398

Name of the Vulnerable Software and Affected Versions Microsoft Windows versions prior to Windows XP SP4, Windows Server 2003 SP3, Windows Vista SP3, Windows Server 2008 SP3, and Windows 7 SP1

Description An elevation of privilege issue exists due to the improper interaction of drivers with the Windows kernel. This allows local users to gain privileges and bypass the User Account Control (UAC) feature via a crafted REG BINARY value for a SystemDefaultEUDCFont registry key. An attacker who successfully exploited this issue could run arbitrary code in kernel mode and take complete control of an affected system, enabling them to install programs, view, change, or delete data, or create new accounts with full administrative rights.

Recommendations For Microsoft Windows XP SP2 and SP3, update to Windows XP SP4 to resolve the issue. For Windows Server 2003 SP2, update to Windows Server 2003 SP3 to resolve the issue. For Windows Vista SP1 and SP2, update to Windows Vista SP3 to resolve the issue. For Windows Server 2008 Gold, SP2, and R2, update to Windows Server 2008 SP3 to resolve the issue. For Windows 7, update to Windows 7 SP1 to resolve the issue. As a temporary workaround, consider restricting access to the SystemDefaultEUDCFont registry key to minimize the risk of exploitation.