Executive Summary
Summary | |
---|---|
Title | Cumulative Security Update of ActiveX Kill Bits (978262) |
Informations | |||
---|---|---|---|
Name | MS10-008 | First vendor Publication | 2010-02-09 |
Vendor | Microsoft | Last vendor Modification | 2010-02-10 |
Severity (Vendor) | Critical | Revision | 1.1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Revision Note: V1.1 (February 10, 2010): Added the "Is this control installed by default in Microsoft Office?" entry to the vulnerability FAQ for CVE-2010-0252. Changed entries in the Systems Management Server table for SMS 2003 with ITMU for Windows 7 and Windows Server 2008 R2. These are informational changes only.Summary: This security update addresses a privately reported vulnerability for Microsoft software. This security update is rated Critical for all supported editions of Microsoft Windows 2000 and Windows XP, Important for all supported editions of Windows Vista and Windows 7, Moderate for all supported editions of Windows Server 2003, and Low for all supported editions of Windows Server 2008 and Windows Server 2008 R2. |
Original Source
Url : http://www.microsoft.com/technet/security/bulletin/MS10-008.mspx |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
67 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
33 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2010-06-09 | Name : Microsoft Data Analyzer and IE Developer Tools ActiveX Control Vulnerability ... File : nvt/secpod_ms10-034.nasl |
2010-02-10 | Name : Microsoft SMB Client Remote Code Execution Vulnerabilities (978251) File : nvt/secpod_ms10-006.nasl |
2010-02-10 | Name : Microsoft Data Analyzer ActiveX Control Vulnerability (978262) File : nvt/secpod_ms10-008.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
62267 | Panda ActiveScan as2stubie.dll ActiveX as2guiie.cab Archive Arbitrary Code Ex... |
62246 | Microsoft Data Analyzer ActiveX Web Page Handling Unspecified Arbitrary Code ... |
54137 | Symantec WinFax Pro Symantec.FaxViewerControl.1 ActiveX (DCCFAXVW.DLL) Append... |
Snort® IPS/IDS
Date | Description |
---|---|
2020-03-19 | Microsoft Windows Data Analyzer 3.5 ActiveX clsid access RuleID : 53118 - Revision : 1 - Type : BROWSER-PLUGINS |
2020-03-19 | Microsoft Windows Data Analyzer 3.5 ActiveX use-after-free attempt RuleID : 53117 - Revision : 1 - Type : BROWSER-PLUGINS |
2020-03-19 | Microsoft Windows Data Analyzer 3.5 ActiveX use-after-free attempt RuleID : 53116 - Revision : 1 - Type : BROWSER-PLUGINS |
2014-01-10 | Symantec WinFax Pro ActiveX heap buffer overflow attempt RuleID : 27208 - Revision : 4 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Data Analyzer 3.5 ActiveX clsid unicode access RuleID : 16420 - Revision : 5 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Windows Data Analyzer 3.5 ActiveX clsid access RuleID : 16419 - Revision : 15 - Type : BROWSER-PLUGINS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2010-06-09 | Name : The remote Windows host is missing an update that disables selected ActiveX c... File : smb_nt_ms10-034.nasl - Type : ACT_GATHER_INFO |
2010-02-09 | Name : The remote Windows host is missing an update that disables selected ActiveX c... File : smb_nt_ms10-008.nasl - Type : ACT_GATHER_INFO |
2009-04-30 | Name : The remote Windows host has an ActiveX control that is affected by a buffer o... File : winfax_activex_appendfax_overflow.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2016-04-26 22:58:37 |
|
2014-02-17 11:46:27 |
|
2014-01-19 21:30:26 |
|