Trusted Design

• 重大度: Unknown
• 公開日: 2010-12-03
• 更新日: 2025-10-22

概要

Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges, and bypass the User Account Control (UAC) feature, via a crafted REG_BINARY value for a SystemDefaultEUDCFont registry key, aka "Driver Improper Interaction with Windows Kernel Vulnerability."

このCVEに関連するMITRE ATT&CKテクニック

• T1055.011 - Extra Window Memory Injection
• T1218.011 - Rundll32
• T1548.002 - Bypass User Account Control
• T1003.002 - Security Account Manager
• T1574.011 - Services Registry Permissions Weakness
• T1583.002 - DNS Server
• T1114.001 - Local Email Collection
• T1003.004 - LSA Secrets
• T1192 - Spearphishing Link
• T1121 - Regsvcs/Regasm
• T1598.003 - Spearphishing Link
• T1214 - Credentials in Registry
• T1583.005 - Botnet
• T1103 - AppInit DLLs
• T1552.002 - Credentials in Registry
• T1498.002 - Reflection Amplification
• T1556.002 - Password Filter DLL
• T1106 - Native API
• T1608.001 - Upload Malware
• T1070.008 - Clear Mailbox Data
• T1038 - DLL Search Order Hijacking
• T1050 - New Service
• T1016.002 - Wi-Fi Discovery
• T1518.002 - Backup Software Discovery
• T1182 - AppCert DLLs
• T1218.003 - CMSTP
• T1525 - Implant Internal Image
• T1218.002 - Control Panel
• T1181 - Extra Window Memory Injection
• T1145 - Private Keys
• T1112 - Modify Registry
• T1555.003 - Credentials from Web Browsers
• T1535 - Unused/Unsupported Cloud Regions
• T1155 - AppleScript
• T1563 - Remote Service Session Hijacking
• T1681 - Search Threat Vendor Data
• T1117 - Regsvr32
• T1177 - LSASS Driver
• T1055.013 - Process Doppelgänging
• T1546.008 - Accessibility Features
• T1027.017 - SVG Smuggling
• T1083 - File and Directory Discovery
• T1055.004 - Asynchronous Procedure Call
• T1546.009 - AppCert DLLs
• T1649 - Steal or Forge Authentication Certificates
• T1051 - Shared Webroot
• T1218.012 - Verclsid
• T1584.005 - Botnet
• T1218.005 - Mshta
• T1608 - Stage Capabilities
• T1608.005 - Link Target
• T1021.007 - Cloud Services
• T1496.004 - Cloud Service Hijacking
• T1134.004 - Parent PID Spoofing
• T1071.002 - File Transfer Protocols
• T1574.013 - KernelCallbackTable
• T1219.003 - Remote Access Hardware
• T1562.001 - Disable or Modify Tools
• T1559 - Inter-Process Communication
• T1574 - Hijack Execution Flow
• T1078 - Valid Accounts
• T1073 - DLL Side-Loading
• T1068 - Exploitation for Privilege Escalation
• T1110.004 - Credential Stuffing
• T1187 - Forced Authentication
• T1486 - Data Encrypted for Impact
• T1218.010 - Regsvr32
• T1036.003 - Rename Legitimate Utilities
• T1595.003 - Wordlist Scanning
• T1137.004 - Outlook Home Page
• T1614.001 - System Language Discovery
• T1012 - Query Registry
• T1218.009 - Regsvcs/Regasm
• T1499 - Endpoint Denial of Service
• T1065 - Uncommonly Used Port
• T1088 - Bypass User Account Control
• T1090.004 - Domain Fronting
• T1546.010 - AppInit DLLs
• T1213.003 - Code Repositories
• T1555.004 - Windows Credential Manager
• T1194 - Spearphishing via Service
• T1159 - Launch Agent
• T1543.002 - Systemd Service
• T1046 - Network Service Discovery
• T1538 - Cloud Service Dashboard
• T1550.002 - Pass the Hash
• T1653 - Power Settings
• T1137.002 - Office Test
• T1204.001 - Malicious Link
• T1547.008 - LSASS Driver
• T1480.001 - Environmental Keying
• T1055.001 - Dynamic-link Library Injection
• T1056.004 - Credential API Hooking
• T1529 - System Shutdown/Reboot

このCVEが関連しているPulses

このCVEが関連しているPulsesはありません。

CVEの関係性グラフ

---

← CVE一覧に戻る