CVE-2010-1894
Published 2010-08-11
CVE-2010-1894: The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, do not properly handle unspecified exceptions…
Priority P3 35 | high | 7.2 CVSS 2.0
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 2.96% (85.5th percentile)
The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, do not properly handle unspecified exceptions, which allows local users to gain privileges via a crafted application, aka "Win32k Exception Handling Vulnerability."
No detection rules found.
Exploit-DB
Microsoft Windows - 'SfnLOGONNOTIFY' Privilege Escalation (MS10-048)
exploitdb·2010-08-10
---
/*
source: https://www.securityfocus.com/bid/39630/info
Microsoft Windows is prone to a local privilege-escalation vulnerability.
A local attacker may exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complete compromise of affected computers. Failed exploit attempts may cause a denial-of-service condition.
Microsoft Windows 2000, Windows XP and Windows 2003 are affected by this issue.
*/
#include "stdafx.h"
#include "windows.h"
int main(int argc, char *argv[])
{
printf("Microsoft Windows Win32k.sys SfnLOGONNOTIFY Local D.O.S Vuln\nBy MJ0011\[email protected]\nPressEnter");
getchar();
HWND hwnd = FindWindow ("DDEMLEvent", NULL);
if (hwnd =
Exploit-DB
Microsoft Windows XP/2000/2003 - 'win32k.sys' SfnLOGONNOTIFY Local kernel Denial of Service
exploitdb·2010-04-22
---
/*
Windows 2000/XP/2003 win32k.sys SfnLOGONNOTIFY local kernel Denial of Service Vulnerability
Effect: Microsoft Windows 2000/XP/2003 full patch
Author: MJ0011
Published: 2010-04-22
Vulnerability Details:
In Win32k.sys, DispatchMessage makes a final call to xxxDefWindowProc. When dealing with some
messages, this function calls a function from the gapfnScSendMessage function table to process them. Under 2000/XP/2003,
for message No. 0x4c, a function called SfnLOGONNOTIFY is called, and when wParam == 4/13/12 this function
takes data directly out of lParam. Despite the function's use of SEH, as long as the kernel passes the wrong address, will still le
No writeups or analysis indexed.
http://www.us-cert.gov/cas/techalerts/TA10-222A.html
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-048
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11769
Published: 2010-08-11