CVE Vulnerabilities

CVE-2010-2744

Published: Oct 13, 2010 | Modified: Dec 07, 2023
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.2 HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly manage a window class, which allows local users to gain privileges by creating a window, then using (1) the SetWindowLongPtr function to modify the popup menu structure, or (2) the SwitchWndProc function with a switch window information pointer, which is not re-initialized when a WM_NCCREATE message is processed, aka Win32k Window Class Vulnerability.

Affected Software

Name Vendor Start Version End Version
Windows_server_2008 Microsoft * *
Windows_server_2008 Microsoft - -
Windows_server_2008 Microsoft * *
Windows_xp Microsoft - -
Windows_7 Microsoft - -
Windows_server_2008 Microsoft * *
Windows_server_2008 Microsoft * *
Windows_vista Microsoft - -
Windows_xp Microsoft * *
Windows_7 Microsoft * *
Windows_server_2008 Microsoft * *
Windows_vista Microsoft * *
Windows_server_2008 Microsoft * *
Windows_server_2003 Microsoft * *
Windows_vista Microsoft * *
Windows_2003_server Microsoft * *
Windows_server_2008 Microsoft * *
Windows_2003_server Microsoft * *

References