High severity7.8CISA KEVNVD Advisory· Published Dec 6, 2010· Updated Apr 21, 2026

CVE-2010-4398

Description

Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges, and bypass the User Account Control (UAC) feature, via a crafted REG_BINARY value for a SystemDefaultEUDCFont registry key, aka "Driver Improper Interaction with Windows Kernel Vulnerability."

Affected products

Microsoft/Windows 7
cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*
Microsoft/Windows Server 2003
cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:*
Microsoft/Windows Server 20083 versions
cpe:2.3:o:microsoft:windows_server_2008:-:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:microsoft:windows_server_2008:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*
Microsoft/Windows Vista2 versions
cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*
Microsoft/Windows Xp2 versions
cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:x64:*+ 1 more
- cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:x64:*
- cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-011nvdPatchVendor Advisory
isc.sans.edu/diary.htmlnvdExploitIssue Tracking
www.exploit-db.com/bypassing-uac-with-user-privilege-under-windows-vista7-mirror/nvdBroken LinkExploitThird Party AdvisoryVDB Entry
www.exploit-db.com/exploits/15609/nvdExploitThird Party AdvisoryVDB Entry
secunia.com/advisories/42356nvdBroken LinkVendor Advisory
support.avaya.com/css/P8/documents/100127248nvdThird Party Advisory
www.kb.cert.org/vuls/id/529673nvdThird Party AdvisoryUS Government Resource
www.securityfocus.com/bid/45045nvdBroken LinkThird Party AdvisoryVDB Entry
www.securitytracker.com/idnvdBroken LinkThird Party AdvisoryVDB Entry
nakedsecurity.sophos.com/2010/11/25/new-windows-zero-day-flaw-bypasses-uac/nvdBroken Link
twitter.com/msftsecresponse/statuses/7590788200402945nvdNot Applicable
www.vupen.com/english/advisories/2011/0324nvdBroken Link
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12162nvdBroken Link
www.cisa.gov/known-exploited-vulnerabilities-catalognvdUS Government Resource

News mentions

No linked articles in our index yet.

cvss	0.507
epss	0.006
exploit	0.030
kev	0.120
patch	0.000
ransomware	0.000