CVE-2010-4398

7.8 HIGH CISA KEV - Actively Exploited
Published: December 06, 2010 Modified: October 22, 2025
View on NVD

Description

Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges, and bypass the User Account Control (UAC) feature, via a crafted REG_BINARY value for a SystemDefaultEUDCFont registry key, aka "Driver Improper Interaction with Windows Kernel Vulnerability."

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0
Vector String
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://isc.sans.edu/diary.html?storyid=9988
Source: cve@mitre.org
Exploit Issue Tracking
http://nakedsecurity.sophos.com/2010/11/25/new-windows-zero-day-flaw-bypasses-uac/
Source: cve@mitre.org
Broken Link
http://secunia.com/advisories/42356
Source: cve@mitre.org
Broken Link Vendor Advisory
http://support.avaya.com/css/P8/documents/100127248
Source: cve@mitre.org
Third Party Advisory
http://twitter.com/msftsecresponse/statuses/7590788200402945
Source: cve@mitre.org
Not Applicable
http://www.exploit-db.com/bypassing-uac-with-user-privilege-under-windows-vista7-mirror/
Source: cve@mitre.org
Broken Link Exploit Third Party Advisory VDB Entry
http://www.exploit-db.com/exploits/15609/
Source: cve@mitre.org
Exploit Third Party Advisory VDB Entry
http://www.kb.cert.org/vuls/id/529673
Source: cve@mitre.org
Third Party Advisory US Government Resource
http://www.securityfocus.com/bid/45045
Source: cve@mitre.org
Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1025046
Source: cve@mitre.org
Broken Link Third Party Advisory VDB Entry
http://www.vupen.com/english/advisories/2011/0324
Source: cve@mitre.org
Broken Link
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-011
Source: cve@mitre.org
Patch Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12162
Source: cve@mitre.org
Broken Link
http://isc.sans.edu/diary.html?storyid=9988
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit Issue Tracking
http://nakedsecurity.sophos.com/2010/11/25/new-windows-zero-day-flaw-bypasses-uac/
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://secunia.com/advisories/42356
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Vendor Advisory
http://support.avaya.com/css/P8/documents/100127248
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://twitter.com/msftsecresponse/statuses/7590788200402945
Source: af854a3a-2127-422b-91ae-364da2661108
Not Applicable
http://www.exploit-db.com/bypassing-uac-with-user-privilege-under-windows-vista7-mirror/
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Exploit Third Party Advisory VDB Entry
http://www.exploit-db.com/exploits/15609/
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit Third Party Advisory VDB Entry
http://www.kb.cert.org/vuls/id/529673
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory US Government Resource
http://www.securityfocus.com/bid/45045
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1025046
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Third Party Advisory VDB Entry
http://www.vupen.com/english/advisories/2011/0324
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-011
Source: af854a3a-2127-422b-91ae-364da2661108
Patch Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12162
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-4398
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

27 reference(s) from NVD

Quick Stats

CVSS v3 Score
7.8 / 10.0
EPSS (Exploit Probability)
11.1%
93th percentile
Exploitation Status
Actively Exploited
Remediation due: 2022-04-21

Weaknesses (CWE)

CWE-787 CWE-787

Affected Vendors

microsoft

Related CVEs

CVE-2025-52691 10.0
CVE-2025-15168 7.3
CVE-2025-15167 7.3
CVE-2025-15166 7.3
CVE-2025-15165 7.3