Denial of Service Vulnerability in Microsoft Windows 2000, XP, and Server 2003
CVE-2010-1735

Currently unrated

Key Information:

Vendor: Microsoft
Status: Windows 2003 Server; Windows Xp; Windows 2000; Windows Server 2003
Vendor: CVE Published:; 6 May 2010

Summary

The SfnLOGONNOTIFY function within win32k.sys in Microsoft Windows 2000, XP, and Server 2003 exhibits a vulnerability that allows local users to induce a denial of service condition. This can occur when a specific value (0x4c) is used in the second argument of a PostMessage call directed at the DDEMLEvent window. Such exploitation could lead to system instability and crashes, severely affecting system performance. Organizations should consider applying necessary patches to mitigate the risk associated with this vulnerability.

References

http://www.securityfocus.com/bid/39630

vdb-entryx_refsource_BID

http://secunia.com/advisories/39456

third-party-advisoryx_refsource_SECUNIA

http://vigilance.fr/vulnerability/Windows-denials-of-serv...

x_refsource_MISC

Timeline

Vulnerability published
May 6, 2010
Vulnerability Reserved
May 5, 2010