2010-05-06 14:47:23 2019-04-30 17:00:13

The SfnLOGONNOTIFY function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x4c value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window.

Vector: LOCAL
Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: COMPLETE

Microsoft Windows XP Service Pack 3 Tablet PC
Microsoft Windows xp Sp3 (not an official CPE)
Microsoft Windows XP SP3 English
Microsoft Windows XP Service Pack 3 Professional Edition
Microsoft Windows XP Service Pack 3 Embedded Edition
Microsoft Windows XP Service Pack 3 Home Edition
Microsoft Windows XP Service Pack 3 Media Center Edition
Microsoft Windows XP Service Pack 1 Home Edition
Microsoft Windows XP Service Pack 2 Home Edition
Microsoft Windows XP Service Pack 2 x64 (64-bit)
Microsoft Windows xp - Sp3 (not an official CPE)
Microsoft Windows XP (gold) Home Edition
Microsoft Windows XP (gold) x64 (64-bit)
Microsoft Windows xp - (not an official CPE)
Microsoft Windows XP (gold) 64-Bit Edition for Itanium systems, Version 2002
Microsoft Windows XP (gold) 64-Bit Edition, Version 2003
Microsoft Windows XP x86 (32-bit) Service Pack 2
Microsoft Windows XP Service Pack 3
Microsoft Windows XP (x86) Service Pack 3
Microsoft windows xp_sp2 media_center
Microsoft Windows XP Professional SP2
Microsoft windows xp_sp2 tablet_pc
Microsoft windows xp_sp2 embedded
Microsoft Windows XP Service Pack 2
Microsoft windows xp_sp1 tablet_pc
Microsoft windows xp_sp1 media_center
Microsoft Windows XP Professional SP1
Microsoft windows xp_sp1 embedded
Microsoft windows xp_gold tablet_pc
Microsoft Windows XP Service Pack 1
Microsoft Windows XP Professional Gold
Microsoft windows xp_gold embedded
Microsoft windows xp_gold media_center
Microsoft Windows XP x86 (32-bit)
Microsoft windows xp_gold
Microsoft windows 2003_sp2 storage
Microsoft Windows 2003 Server Service Pack 2 Standard
Microsoft windows 2003_sp2 enterprise
Microsoft Windows 2003 Server Service Pack 2 Itanium
Microsoft windows 2003_sp2 compute_cluster
Microsoft windows 2003_sp2 datacenter
Microsoft Windows 2003 Server Service Pack 2 Standard
Microsoft windows 2003_sp1 storage
Microsoft Windows 2003 Server Service Pack 2
Microsoft windows 2003_sp1 enterprise
Microsoft windows 2003_sp1 compute_cluster
Microsoft windows 2003_sp1 datacenter
Microsoft Windows 2003 Server Service Pack 1
Microsoft Windows 2003 Server R2 x64 (64-bit) Enterprise Edition
Microsoft Windows 2003 Server R2 x64 (64-bit) Standard Edition
Microsoft Windows 2003 Server R2 x64 (64-bit) Datacenter Edition
Microsoft windows 2003_r2 storage
Microsoft Windows 2003 Server R2 Gold x64 (64-bit)
Microsoft Windows 2003 Server Standard Edition R2
Microsoft windows 2003_r2 enterprise
Microsoft windows 2003_r2 datacenter
Microsoft windows 2003_r2 compute_cluster
Microsoft Windows 2003 Server Gold x64 (64-bit) Standard Edition
Microsoft Windows 2003 Server Gold x64 (64-bit)
Microsoft Windows 2003 Server Gold x64 (64-bit) Enterprise Edition
Microsoft windows 2003_gold storage
Microsoft Windows 2003 Server Standard (Initial Release)
Microsoft Windows 2003 gold itanium
Microsoft windows 2003_gold enterprise
Microsoft windows 2003_gold datacenter
Microsoft windows 2003_gold
Microsoft windows 2003_gold compute_cluster
Microsoft Windows 2000 Service Pack 4
Microsoft Windows 2000 - (not an official CPE)
Microsoft windows 2000_sp3
Microsoft windows 2000_sp1
Microsoft windows 2000_sp2
Microsoft windows 2000_rc2
Microsoft windows 2000_rc1
Microsoft windows 2000_gold
Microsoft Windows 2000 Beta 3
Microsoft Windows 2000 - (not an official CPE)

Improper Input Validation (ID 20)

Related CAPEC (58)

Buffer Overflow via Environment Variables (CAPEC-ID 10)
Server Side Include (SSI) Injection (CAPEC-ID 101)
Cross Zone Scripting (CAPEC-ID 104)
Cross Site Scripting through Log Files (CAPEC-ID 106)
Command Line Execution through SQL Injection (CAPEC-ID 108)
Object Relational Mapping Injection (CAPEC-ID 109)
SQL Injection through SOAP Parameter Tampering (CAPEC-ID 110)
Subverting Environment Variable Values (CAPEC-ID 13)
Format String Injection (CAPEC-ID 135)
LDAP Injection (CAPEC-ID 136)
Relative Path Traversal (CAPEC-ID 139)
Client-side Injection-induced Buffer Overflow (CAPEC-ID 14)
Variable Manipulation (CAPEC-ID 171)
Embedding Scripts in Non-Script Elements (CAPEC-ID 18)
Flash Injection (CAPEC-ID 182)
Cross-Site Scripting Using Alternate Syntax (CAPEC-ID 199)
Exploiting Trust in Client (aka Make the Client Invisible) (CAPEC-ID 22)
XML Nested Payloads (CAPEC-ID 230)
XML Oversized Payloads (CAPEC-ID 231)
Filter Failure through Buffer Overflow (CAPEC-ID 24)
Cross-Site Scripting via Encoded URI Schemes (CAPEC-ID 244)
XML Injection (CAPEC-ID 250)
Environment Variable Manipulation (CAPEC-ID 264)
Global variable manipulation (CAPEC-ID 265)
Leverage Alternate Encoding (CAPEC-ID 267)
Fuzzing (CAPEC-ID 28)
Using Leading 'Ghost' Character Sequences to Bypass Input Filters (CAPEC-ID 3)
Accessing/Intercepting/Modifying HTTP Cookies (CAPEC-ID 31)
Embedding Scripts in HTTP Query Strings (CAPEC-ID 32)
MIME Conversion (CAPEC-ID 42)
Exploiting Multiple Input Interpretation Layers (CAPEC-ID 43)
Buffer Overflow via Symbolic Links (CAPEC-ID 45)
Overflow Variables and Tags (CAPEC-ID 46)
Buffer Overflow via Parameter Expansion (CAPEC-ID 47)
Signature Spoof (CAPEC-ID 473)
XML Client-Side Attack (CAPEC-ID 484)
Embedding NULL Bytes (CAPEC-ID 52)
Postfix, Null Terminate, and Backslash (CAPEC-ID 53)
Simple Script Injection (CAPEC-ID 63)
Using Slashes and URL Encoding Combined to Bypass Validation Logic (CAPEC-ID 64)
SQL Injection (CAPEC-ID 66)
String Format Overflow in syslog() (CAPEC-ID 67)
Blind SQL Injection (CAPEC-ID 7)
Using Unicode Encoding to Bypass Validation Logic (CAPEC-ID 71)
URL Encoding (CAPEC-ID 72)
User-Controlled Filename (CAPEC-ID 73)
Using Escaped Slashes in Alternate Encoding (CAPEC-ID 78)
Using Slashes in Alternate Encoding (CAPEC-ID 79)
Buffer Overflow in an API Call (CAPEC-ID 8)
Using UTF-8 Encoding to Bypass Validation Logic (CAPEC-ID 80)
Web Logs Tampering (CAPEC-ID 81)
XPath Injection (CAPEC-ID 83)
AJAX Fingerprinting (CAPEC-ID 85)
Embedding Script (XSS) in HTTP Headers (CAPEC-ID 86)
OS Command Injection (CAPEC-ID 88)
Buffer Overflow in Local Command-Line Utilities (CAPEC-ID 9)
XSS in IMG Tags (CAPEC-ID 91)
XML Parser Attack (CAPEC-ID 99)