CVE-2010-1735

The SfnLOGONNOTIFY function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x4c value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window.

Published: May 6, 2010
Updated: Apr 13, 2023
CVE: CVE-2010-1735
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.9
AV:L/AC:L/Au:N/C:N/I:N/A:C

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
microsoft / windows_2003_server	-	-
microsoft / windows_xp	--sp2	--sp2.x
microsoft / windows_xp	--sp3	--sp3.x
microsoft / windows_2000	-	-
microsoft / windows_xp	--gold	--gold.x
microsoft / windows_xp	-	-
microsoft / windows_xp	sp3-unknown	sp3-unknown.x
microsoft / windows_server_2003	-	-
microsoft / windows_xp	--sp1	--sp1.x
microsoft / windows_xp	sp3	sp3.x

http://secunia.com/advisories/39456
http://vigilance.fr/vulnerability/Windows-denials-of-service-of-win32k-sys-9607
http://www.securityfocus.com/archive/1/510884/100/0/threaded
http://www.securityfocus.com/bid/39630

Vulnerability Database

289,598

CVE-2010-1735