Vulnerabilities > CVE-2010-2743 - Unspecified vulnerability in Microsoft products

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
microsoft
nessus
exploit available
metasploit
NVD
Published: 2011-01-20
Updated: 2023-12-07

Summary

The kernel-mode drivers in Microsoft Windows XP SP3 do not properly perform indexing of a function-pointer table during the loading of keyboard layouts from disk, which allows local users to gain privileges via a crafted application, as demonstrated in the wild in July 2010 by the Stuxnet worm, aka "Win32k Keyboard Layout Vulnerability." NOTE: this might be a duplicate of CVE-2010-3888 or CVE-2010-3889.

Vulnerable Configurations

Part Description Count
OS
Microsoft
18

Exploit-Db

descriptionWin32k - Keyboard Layout Vulnerability (MS10-073). CVE-2010-2743. Local exploit for windows platform
idEDB-ID:15985
last seen2016-02-01
modified2011-01-13
published2011-01-13
reporterRuben Santamarta
sourcehttps://www.exploit-db.com/download/15985/
titleWin32k - Keyboard Layout Vulnerability MS10-073

Metasploit

descriptionThis module exploits the keyboard layout vulnerability exploited by Stuxnet. When processing specially crafted keyboard layout files (DLLs), the Windows kernel fails to validate that an array index is within the bounds of the array. By loading a specially crafted keyboard layout, an attacker can execute code in Ring 0.
idMSF:POST/WINDOWS/ESCALATE/MS10_073_KBDLAYOUT
last seen2020-05-21
modified2019-01-09
published2011-01-18
references
reporterRapid7
sourcehttps://github.com/rapid7/metasploit-framework/blob/master//modules/post/windows/escalate/ms10_073_kbdlayout.rb
titleWindows Escalate NtUserLoadKeyboardLayoutEx Privilege Escalation

Msbulletin

bulletin_idMS10-073
bulletin_url
date2010-10-12T00:00:00
impactElevation of Privilege
knowledgebase_id981957
knowledgebase_url
severityImportant
titleVulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege

Nessus

NASL familyWindows : Microsoft Bulletins
NASL idSMB_NT_MS10-073.NASL
descriptionThe remote Windows host is running a version of the Windows kernel that is affected by the following vulnerabilities : - A reference count leak, which could result in arbitrary code execution in the kernel. (CVE-2010-2549) - Kernel-mode drivers load unspecified keyboard layers improperly, which could result in arbitrary code execution in the kernel. (CVE-2010-2743) - Kernel-mode drivers do not properly validate unspecified window class data, which could result in arbitrary code execution in the kernel. (CVE-2010-2744)
last seen2020-06-01
modified2020-06-02
plugin id49950
published2010-10-13
reporterThis script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/49950
titleMS10-073: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (981957)

Oval

accepted2014-03-03T04:01:23.511-05:00
classvulnerability
contributors
  • nameJosh Turpin
    organizationSymantec Corporation
  • nameJosh Turpin
    organizationSymantec Corporation
  • nameDragos Prisaca
    organizationSymantec Corporation
  • nameMaria Mikhno
    organizationALTX-SOFT
definition_extensions
  • commentMicrosoft Windows XP (x86) SP3 is installed
    ovaloval:org.mitre.oval:def:5631
  • commentMicrosoft Windows XP x64 Edition SP2 is installed
    ovaloval:org.mitre.oval:def:4193
  • commentMicrosoft Windows Server 2003 SP2 (x64) is installed
    ovaloval:org.mitre.oval:def:2161
  • commentMicrosoft Windows Server 2003 SP2 (x86) is installed
    ovaloval:org.mitre.oval:def:1935
  • commentMicrosoft Windows Server 2003 (ia64) SP2 is installed
    ovaloval:org.mitre.oval:def:1442
  • commentMicrosoft Windows Vista (32-bit) Service Pack 1 is installed
    ovaloval:org.mitre.oval:def:4873
  • commentMicrosoft Windows Server 2008 (32-bit) is installed
    ovaloval:org.mitre.oval:def:4870
  • commentMicrosoft Windows Vista x64 Edition Service Pack 1 is installed
    ovaloval:org.mitre.oval:def:5254
  • commentMicrosoft Windows Server 2008 (64-bit) is installed
    ovaloval:org.mitre.oval:def:5356
  • commentMicrosoft Windows Server 2008 (ia-64) is installed
    ovaloval:org.mitre.oval:def:5667
  • commentMicrosoft Windows Vista (32-bit) Service Pack 2 is installed
    ovaloval:org.mitre.oval:def:6124
  • commentMicrosoft Windows Server 2008 x64 Edition Service Pack 2 is installed
    ovaloval:org.mitre.oval:def:6216
  • commentMicrosoft Windows Server 2008 (32-bit) Service Pack 2 is installed
    ovaloval:org.mitre.oval:def:5653
  • commentMicrosoft Windows Vista x64 Edition Service Pack 2 is installed
    ovaloval:org.mitre.oval:def:5594
  • commentMicrosoft Windows Server 2008 Itanium-Based Edition Service Pack 2 is installed
    ovaloval:org.mitre.oval:def:6150
  • commentMicrosoft Windows 7 (32-bit) is installed
    ovaloval:org.mitre.oval:def:6165
  • commentMicrosoft Windows 7 x64 Edition is installed
    ovaloval:org.mitre.oval:def:5950
  • commentMicrosoft Windows Server 2008 R2 x64 Edition is installed
    ovaloval:org.mitre.oval:def:6438
  • commentMicrosoft Windows Server 2008 R2 Itanium-Based Edition is installed
    ovaloval:org.mitre.oval:def:5954
descriptionThe kernel-mode drivers in Microsoft Windows XP SP3 do not properly perform indexing of a function-pointer table during the loading of keyboard layouts from disk, which allows local users to gain privileges via a crafted application, as demonstrated in the wild in July 2010 by the Stuxnet worm, aka "Win32k Keyboard Layout Vulnerability." NOTE: this might be a duplicate of CVE-2010-3888 or CVE-2010-3889.
familywindows
idoval:org.mitre.oval:def:7514
statusaccepted
submitted2010-08-10T13:00:00
titleWin32k Keyboard Layout Vulnerability
version80

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/97523/ms10-073-kbdlayout.txt
idPACKETSTORM:97523
last seen2016-12-05
published2011-01-13
reporterRuben Santamarta
sourcehttps://packetstormsecurity.com/files/97523/Win32k-Keyboard-Layout-Vulnerability.html
titleWin32k Keyboard Layout Vulnerability

Seebug

bulletinFamilyexploit
descriptionBUGTRAQ ID: 43773,43774 CVE ID: CVE-2010-2744,CVE-2010-2743 Microsoft Windows是微软发布的非常流行的操作系统。 Windows Win32k.sys内核态驱动加载特定键盘布局和验证窗口类数据的方式存在权限提升漏洞。成功利用这个漏洞的攻击者可以执行任意内核态代码。攻击者可随后安装程序;查看、更改或删除数据;或者创建拥有完全用户权限的新帐户。 Microsoft Windows XP SP3 Microsoft Windows XP Pro x64版SP2 Microsoft Windows Vista SP2 Microsoft Windows Vista SP1 Microsoft Windows Server 2008 SP2 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2008 Microsoft Windows Server 2003 SP2 Microsoft Windows 7 厂商补丁: Microsoft --------- Microsoft已经为此发布了一个安全公告(MS10-073)以及相应补丁: MS10-073:Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (981957) 链接:http://www.microsoft.com/technet/security/bulletin/MS10-073.mspx?pf=true
idSSV:20166
last seen2017-11-19
modified2010-10-15
published2010-10-15
reporterRoot
titleMicrosoft Windows Win32k.sys内核驱动多个本地权限提升漏洞(MS10-073)

References