Описание
The SfnINSTRING function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x18d value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window.
Ссылки
- Vendor Advisory
- Exploit
- Exploit
- Vendor Advisory
- Exploit
- Exploit
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:o:microsoft:windows_2000:*:-:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:beta3:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:gold:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:rc1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:rc2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:gold:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:gold:itanium:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:gold:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:r2:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2003:*:-:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2003:*:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:*:x86:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:gold:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:gold:embedded:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:gold:media_center:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:gold:tablet_pc:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp1:embedded:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp1:media_center:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp1:professional:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp1:tablet_pc:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp2:embedded:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp2:media_center:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp2:professional:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp2:x86:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp3:x86:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:-:gold:64-bit-2002:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:-:gold:64-bit-2003:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:-:gold:home:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:-:gold:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:-:sp1:home:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:-:sp2:home:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:-:sp3:embedded:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:-:sp3:home:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:-:sp3:media_center:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:-:sp3:professional:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:-:sp3:tablet_pc:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:sp3:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:sp3:unknown:english:*:*:*:*:*
EPSS
Процентиль: 75%
0.00863
Низкий
4.9 Medium
CVSS2
Дефекты
CWE-20
Связанные уязвимости
github
больше 3 лет назад
The SfnINSTRING function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x18d value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window.
EPSS
Процентиль: 75%
0.00863
Низкий
4.9 Medium
CVSS2
Дефекты
CWE-20