VYPR
High severity7.8CISA KEVNVD Advisory· Published Dec 6, 2010· Updated Jun 16, 2026

CVE-2010-4398

CVE-2010-4398

Description

Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges, and bypass the User Account Control (UAC) feature, via a crafted REG_BINARY value for a SystemDefaultEUDCFont registry key, aka "Driver Improper Interaction with Windows Kernel Vulnerability."

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

10
  • cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2008:-:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:o:microsoft:windows_server_2008:-:*:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*
  • Microsoft/Windows3 versions
    cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*+ 2 more
    • cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*
    • (no CPE)range: Windows XP SP2 - Windows 7
  • cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:x64:*+ 1 more
    • cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:x64:*
    • cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*

Patches

Vulnerability mechanics

References

14

News mentions

0

No linked articles in our index yet.