Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-1734

CWE-20Improper Input Validation4 documents4 sources
Severity
4.9MEDIUM
EPSS
0.8%
top 25.90%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Microsoft Windows XP
Timeline
PublishedMay 6
Latest updateMay 13

Description

The SfnINSTRING function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x18d value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window.

CVSS vector

AV:L/AC:L/C:N/I:N/A:CExploitability: 3.9 | Impact: 6.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-q94h-3hx2-w7q6: The SfnINSTRING function in win32k2022-05-13
CVEList
CVE-2010-1734: The SfnINSTRING function in win32k2010-05-05

💥Exploits & PoCs

1
Exploit-DB
Microsoft Windows XP/2000/2003 - 'win32k.sys' SfnINSTRING Local kernel Denial of Service2010-04-22
CVE-2010-1734 (MEDIUM CVSS 4.9) | The SfnINSTRING function in win32k. | cvebase.io