Main Vulnerability Database Exploits ID:43 - Exploit for Improper validation of array index in Windows and Windows Server - CVE-2010-2743

ID:43 - Exploit for Improper validation of array index in Windows and Windows Server - CVE-2010-2743

Published: March 18, 2020

Vulnerability identifier: #VU5542

Vulnerability risk: Medium

CVE-ID: CVE-2010-2743

CWE-ID: CWE-129

Exploitation vector: Local access

Vulnerable software:
Windows
Windows Server

Link to public exploit:

https://www.rapid7.com/db/modules/post/windows/escalate/ms10_073_kbdlayout

Vulnerability description

The vulnerability allows a local user to execute arbitrary code with elevated privileges.

The vulnerability exists due to an error in Win32k.sys driver when handling keyboard layouts as the Windows kernel fails to validate that an array index is within the bounds of the array. A local user can load a specially crafted keyboard layout and execute arbitrary code on the target system with privileges of SYSTEM account.

Successful exploitation of this vulnerability may allow an attacker to escalate privileges on vulnerable system.

Note: this vulnerability is being actively exploited by Stuxnet.

Remediation

Install updates from vendor's website.

ID:43 - Exploit for Improper validation of array index in Windows and Windows Server - CVE-2010-2743

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human