Skip to main content

Windows 10 1803 CVE-2021-28310

HIGH
Out-of-bounds Write (CWE-787)
2021-04-13 secure@microsoft.com
7.8
CVSS 3.1 · Vendor: microsoft
Share

Severity by source

Vendor (microsoft) PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from Vendor (microsoft) · only source for this CVE.

CVSS VectorVendor: microsoft

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Added to CISA KEV
Jul 14, 2026 - 04:22 CISA
CVE Published
Apr 13, 2021 - 20:15 cve.org
HIGH 7.8

DescriptionCVE.org

Win32k Elevation of Privilege Vulnerability

AnalysisAI

Win32k Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Write (CWE-787), which allows attackers to write data beyond allocated buffer boundaries leading to code execution or crashes. Affected products include: Microsoft Windows 10 1803, Microsoft Windows 10 1809, Microsoft Windows 10 1909, Microsoft Windows 10 2004, Microsoft Windows 10 20H2.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Validate write boundaries, use memory-safe languages, enable compiler protections (ASLR, stack canaries).

CVE-2020-1054 HIGH POC
7.8 May 21

An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle o

CVE-2020-0787 HIGH POC
7.8 Mar 12

An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) improperl

CVE-2019-1405 HIGH POC
7.8 Nov 12

An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly allows

CVE-2019-1322 HIGH POC
7.8 Oct 10

An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka 'Microsoft W

CVE-2019-0841 HIGH POC
7.8 Apr 09

An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard li

CVE-2018-8453 HIGH POC
7.8 Oct 10

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in

CVE-2018-8440 HIGH POC
7.8 Sep 13

An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (A

CVE-2018-0824 HIGH POC
8.8 May 09

A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized

CVE-2020-0601 HIGH POC
8.1 Jan 14

A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) c

CVE-2020-1464 HIGH POC
7.8 Aug 17

A spoofing vulnerability exists when Windows incorrectly validates file signatures. Rated high severity (CVSS 7.8), this

CVE-2020-1027 HIGH POC
7.8 Apr 15

An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka 'Window

CVE-2020-0683 HIGH POC
7.8 Feb 11

An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links, aka 'W

Share

CVE-2021-28310 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy