mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-07 11:06:19 +00:00
20 lines
1.1 KiB
Markdown
20 lines
1.1 KiB
Markdown
|
### [CVE-2010-2744](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2744)
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
### Description
|
||
|
|
|
||
|
|
The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly manage a window class, which allows local users to gain privileges by creating a window, then using (1) the SetWindowLongPtr function to modify the popup menu structure, or (2) the SwitchWndProc function with a switch window information pointer, which is not re-initialized when a WM_NCCREATE message is processed, aka "Win32k Window Class Vulnerability."
|
||
|
|
|
||
|
|
### POC
|
||
|
|
|
||
|
|
#### Reference
|
||
|
|
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-073
|
||
|
|
|
||
|
|
#### Github
|
||
|
|
- https://github.com/ARPSyndicate/cvemon
|
||
|
|
- https://github.com/nitishbadole/oscp-note-2
|
||
|
|
- https://github.com/rmsbpro/rmsbpro
|
||
|
|
|