Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2010-2746 | First vendor Publication | 2010-10-13 |
Vendor | Cve | Last vendor Modification | 2023-12-07 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:H/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.6 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | High |
Cvss Expoit Score | 4.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Heap-based buffer overflow in Comctl32.dll (aka the common control library) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when a third-party SVG viewer is used, allows remote attackers to execute arbitrary code via a crafted HTML document that triggers unspecified messages from this viewer, aka "Comctl32 Heap Overflow Vulnerability." |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2746 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:7272 | |||
Oval ID: | oval:org.mitre.oval:def:7272 | ||
Title: | Comctl32 Heap Overflow Vulnerability | ||
Description: | Heap-based buffer overflow in Comctl32.dll (aka the common control library) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when a third-party SVG viewer is used, allows remote attackers to execute arbitrary code via a crafted HTML document that triggers unspecified messages from this viewer, aka "Comctl32 Heap Overflow Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-2746 | Version: | 7 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2010-10-13 | Name : Windows Common Control Library Remote Code Execution Vulnerability (2296011) File : nvt/secpod_ms10-081.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
68549 | Microsoft Windows Common Control Library (comctl32.dll) Third-party SVG Conte... Microsoft Windows is prone to an overflow condition. The common control library, Comctl32.dll, fails to properly sanitize user-supplied input resulting in a heap-based buffer overflow. With a specially crafted HTML document, a context-dependent attacker can potentially execute arbitrary code. |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2010-10-14 | IAVM : 2010-B-0090 - Microsoft Windows Common Control Library Remote Code Execution Vulnerability Severity : Category II - VMSKEY : V0025534 |
Snort® IPS/IDS
Date | Description |
---|---|
2015-03-17 | Microsoft Windows Comctl32.dll third-party SVG viewer heap overflow attempt RuleID : 33479 - Revision : 2 - Type : OS-WINDOWS |
2014-01-10 | Microsoft Windows Comctl32.dll third-party SVG viewer heap overflow attempt RuleID : 18297 - Revision : 16 - Type : OS-WINDOWS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2010-10-13 | Name : A library on the remote Windows host has a buffer overflow vulnerability. File : smb_nt_ms10-081.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2024-02-02 01:13:39 |
|
2024-02-01 12:03:44 |
|
2023-12-07 21:28:03 |
|
2023-09-05 12:12:43 |
|
2023-09-05 01:03:35 |
|
2023-09-02 12:12:45 |
|
2023-09-02 01:03:38 |
|
2023-08-12 12:15:10 |
|
2023-08-12 01:03:37 |
|
2023-08-11 12:12:49 |
|
2023-08-11 01:03:45 |
|
2023-08-06 12:12:20 |
|
2023-08-06 01:03:39 |
|
2023-08-04 12:12:25 |
|
2023-08-04 01:03:40 |
|
2023-07-14 12:12:21 |
|
2023-07-14 01:03:38 |
|
2023-03-29 01:14:08 |
|
2023-03-28 12:03:44 |
|
2022-10-11 12:11:01 |
|
2022-10-11 01:03:25 |
|
2021-05-04 12:11:47 |
|
2021-04-22 01:12:24 |
|
2020-05-23 00:26:08 |
|
2019-02-26 17:19:33 |
|
2018-10-31 00:20:05 |
|
2018-10-13 00:22:58 |
|
2018-09-20 12:08:25 |
|
2017-09-19 09:23:52 |
|
2016-09-30 01:02:28 |
|
2016-08-31 12:02:12 |
|
2016-08-05 12:02:33 |
|
2016-06-28 18:16:20 |
|
2016-04-26 19:58:16 |
|
2015-03-17 21:26:19 |
|
2014-02-17 10:56:30 |
|
2014-01-19 21:26:59 |
|
2013-11-11 12:38:51 |
|
2013-05-10 23:29:06 |
|