Executive Summary
This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
| Summary | |
|---|---|
| Title | Microsoft Updates for Multiple Vulnerabilities |
| Informations | |||
|---|---|---|---|
| Name | TA10-040A | First vendor Publication | 2010-02-09 |
| Vendor | US-CERT | Last vendor Modification | 2010-02-09 |
| Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 10 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Microsoft has released updates to address vulnerabilities in Microsoft Windows, Windows Server, Internet Explorer, and Microsoft Office. I. Description Microsoft has released multiple security bulletins for critical vulnerabilities in Microsoft Windows, Windows Server, Internet Explorer, and Microsoft Office. These bulletins are described in the Microsoft Security Bulletin Summary for February 2010. II. Impact A remote, unauthenticated attacker could execute arbitrary code, gain elevated privileges, or cause a vulnerable application or system to crash. III. Solution Apply updates from Microsoft Microsoft has provided updates for these vulnerabilities in the Microsoft Security Bulletin Summary for February 2010. The security bulletin describes any known issues related to the updates. |
Original Source
| Url : http://www.us-cert.gov/cas/techalerts/TA10-040A.html |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 31 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
| 23 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 15 % | CWE-20 | Improper Input Validation |
| 12 % | CWE-264 | Permissions, Privileges, and Access Controls |
| 8 % | CWE-362 | Race Condition |
| 4 % | CWE-399 | Resource Management Errors |
| 4 % | CWE-310 | Cryptographic Issues |
| 4 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:7711 | |||
| Oval ID: | oval:org.mitre.oval:def:7711 | ||
| Title: | PowerPoint Viewer TextBytesAtom Record Stack Overflow Vulnerability | ||
| Description: | Stack-based buffer overflow in Microsoft Office PowerPoint 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint Viewer TextBytesAtom Record Stack Overflow Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-0033 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Microsoft Office PowerPoint 2003 |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:7751 | |||
| Oval ID: | oval:org.mitre.oval:def:7751 | ||
| Title: | SMB NTLM Authentication Lack of Entropy Vulnerability | ||
| Description: | The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not use a sufficient source of entropy, which allows remote attackers to obtain access to files and other SMB resources via a large number of authentication requests, related to server-generated challenges, certain "duplicate values," and spoofing of an authentication token, aka "SMB NTLM Authentication Lack of Entropy Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-0231 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:8006 | |||
| Oval ID: | oval:org.mitre.oval:def:8006 | ||
| Title: | Hyper-V Instruction Set Validation Vulnerability | ||
| Description: | The Hyper-V server implementation in Microsoft Windows Server 2008 Gold, SP2, and R2 on the x64 platform allows guest OS users to cause a denial of service (host OS hang) via a crafted application that executes a malformed series of machine instructions, aka "Hyper-V Instruction Set Validation Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-0026 | Version: | 7 |
| Platform(s): | Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:8050 | |||
| Oval ID: | oval:org.mitre.oval:def:8050 | ||
| Title: | PowerPoint LinkedSlideAtom Heap Overflow Vulnerability | ||
| Description: | Heap-based buffer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint LinkedSlideAtom Heap Overflow Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-0030 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Microsoft Office PowerPoint 2002 Microsoft Office PowerPoint 2003 |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:8064 | |||
| Oval ID: | oval:org.mitre.oval:def:8064 | ||
| Title: | DirectShow Heap Overflow Vulnerability | ||
| Description: | Heap-based buffer overflow in DirectShow in Microsoft DirectX, as used in the AVI Filter on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2, and in Quartz on Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, allows remote attackers to execute arbitrary code via an AVI file with a crafted length field in an unspecified video stream, which is not properly handled by the RLE video decompressor, aka "DirectShow Heap Overflow Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-0250 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:8081 | |||
| Oval ID: | oval:org.mitre.oval:def:8081 | ||
| Title: | PowerPoint OEPlaceholderAtom 'placementId' Invalid Array Indexing Vulnerability | ||
| Description: | Array index error in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3, and PowerPoint in Office 2004 for Mac, allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint OEPlaceholderAtom 'placementId' Invalid Array Indexing Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-0031 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Microsoft Office PowerPoint 2002 Microsoft Office PowerPoint 2003 |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:8268 | |||
| Oval ID: | oval:org.mitre.oval:def:8268 | ||
| Title: | Office PowerPoint Viewer TextCharsAtom Record Stack Overflow Vulnerability | ||
| Description: | Stack-based buffer overflow in Microsoft Office PowerPoint 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "Office PowerPoint Viewer TextCharsAtom Record Stack Overflow Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-0034 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Microsoft Office PowerPoint 2003 |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:8278 | |||
| Oval ID: | oval:org.mitre.oval:def:8278 | ||
| Title: | SMB Client Pool Corruption Vulnerability | ||
| Description: | The SMB client implementation in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly validate response fields, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted response, aka "SMB Client Pool Corruption Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-0016 | Version: | 1 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:8298 | |||
| Oval ID: | oval:org.mitre.oval:def:8298 | ||
| Title: | SMB Client Race Condition Vulnerability | ||
| Description: | Race condition in the SMB client implementation in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code, and in the SMB client implementation in Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows local users to gain privileges, via a crafted SMB Negotiate response, aka "SMB Client Race Condition Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-0017 | Version: | 6 |
| Platform(s): | Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:8303 | |||
| Oval ID: | oval:org.mitre.oval:def:8303 | ||
| Title: | PowerPoint OEPlaceholderAtom Use After Free Vulnerability | ||
| Description: | Use-after-free vulnerability in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "OEPlaceholderAtom Use After Free Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-0032 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Microsoft Office PowerPoint 2002 Microsoft Office PowerPoint 2003 |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:8304 | |||
| Oval ID: | oval:org.mitre.oval:def:8304 | ||
| Title: | CSRSS Local Privilege Elevation Vulnerability | ||
| Description: | The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly kill processes after a logout, which allows local users to obtain sensitive information or gain privileges via a crafted application that continues to execute throughout the logout of one user and the login session of the next user, aka "CSRSS Local Privilege Elevation Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-0023 | Version: | 1 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:8314 | |||
| Oval ID: | oval:org.mitre.oval:def:8314 | ||
| Title: | SMB Null Pointer Vulnerability | ||
| Description: | The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate the share and servername fields in SMB packets, which allows remote attackers to cause a denial of service (system hang) via a crafted packet, aka "SMB Null Pointer Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-0022 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:8344 | |||
| Oval ID: | oval:org.mitre.oval:def:8344 | ||
| Title: | Windows Kernel Exception Handler Vulnerability | ||
| Description: | The kernel in Microsoft Windows NT 3.1 through Windows 7, including Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2, when access to 16-bit applications is enabled on a 32-bit x86 platform, does not properly validate certain BIOS calls, which allows local users to gain privileges by crafting a VDM_TIB data structure in the Thread Environment Block (TEB), and then calling the NtVdmControl function to start the Windows Virtual DOS Machine (aka NTVDM) subsystem, leading to improperly handled exceptions involving the #GP trap handler (nt!KiTrap0D), aka "Windows Kernel Exception Handler Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-0232 | Version: | 1 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:8392 | |||
| Oval ID: | oval:org.mitre.oval:def:8392 | ||
| Title: | Windows Kernel Double Free Vulnerability | ||
| Description: | Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows local users to gain privileges via a crafted application, aka "Windows Kernel Double Free Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-0233 | Version: | 1 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:8399 | |||
| Oval ID: | oval:org.mitre.oval:def:8399 | ||
| Title: | MSO.DLL Buffer Overflow | ||
| Description: | Buffer overflow in MSO.DLL in Microsoft Office XP SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Office document, aka "MSO.DLL Buffer Overflow." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-0243 | Version: | 1 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows 7 | Product(s): | Microsoft Office XP |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:8400 | |||
| Oval ID: | oval:org.mitre.oval:def:8400 | ||
| Title: | Header MDL Fragmentation Vulnerability | ||
| Description: | The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when a custom network driver is used, does not properly handle local fragmentation of Encapsulating Security Payload (ESP) over UDP packets, which allows remote attackers to execute arbitrary code via crafted packets, aka "Header MDL Fragmentation Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-0240 | Version: | 1 |
| Platform(s): | Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:8410 | |||
| Oval ID: | oval:org.mitre.oval:def:8410 | ||
| Title: | PowerPoint File Path Handling Buffer Overflow Vulnerability | ||
| Description: | Buffer overflow in Microsoft Office PowerPoint 2002 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint File Path Handling Buffer Overflow Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-0029 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Microsoft Office PowerPoint 2002 |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:8428 | |||
| Oval ID: | oval:org.mitre.oval:def:8428 | ||
| Title: | Kerberos Null Pointer Dereference Vulnerability | ||
| Description: | The Key Distribution Center (KDC) in Kerberos in Microsoft Windows 2000 SP4, Server 2003 SP2, and Server 2008 Gold and SP2, when a trust relationship with a non-Windows Kerberos realm exists, allows remote authenticated users to cause a denial of service (NULL pointer dereference and domain controller outage) via a crafted Ticket Granting Ticket (TGT) renewal request, aka "Kerberos Null Pointer Dereference Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-0035 | Version: | 1 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows Server 2003 Microsoft Windows Server 2008 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:8429 | |||
| Oval ID: | oval:org.mitre.oval:def:8429 | ||
| Title: | MS Paint Integer Overflow Vulnerability | ||
| Description: | Integer overflow in Microsoft Paint in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted JPEG (.JPG) file, aka "MS Paint Integer Overflow Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-0028 | Version: | 1 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:8438 | |||
| Oval ID: | oval:org.mitre.oval:def:8438 | ||
| Title: | SMB Pathname Overflow Vulnerability | ||
| Description: | The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate request fields, which allows remote authenticated users to execute arbitrary code via a malformed request, aka "SMB Pathname Overflow Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-0020 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:8449 | |||
| Oval ID: | oval:org.mitre.oval:def:8449 | ||
| Title: | TCP/IP Selective Acknowledgement Vulnerability | ||
| Description: | The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows remote attackers to cause a denial of service (system hang) via crafted packets with malformed TCP selective acknowledgement (SACK) values, aka "TCP/IP Selective Acknowledgement Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-0242 | Version: | 1 |
| Platform(s): | Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:8464 | |||
| Oval ID: | oval:org.mitre.oval:def:8464 | ||
| Title: | URL Validation Vulnerability | ||
| Description: | The URL validation functionality in Microsoft Internet Explorer 5.01, 6, 6 SP1, 7 and 8, and the ShellExecute API function in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, does not properly process input parameters, which allows remote attackers to execute arbitrary local programs via a crafted URL, aka "URL Validation Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-0027 | Version: | 12 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 | Product(s): | Microsoft Internet Explorer |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:8478 | |||
| Oval ID: | oval:org.mitre.oval:def:8478 | ||
| Title: | ICMPv6 Router Advertisement Vulnerability | ||
| Description: | The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when IPv6 is enabled, does not properly perform bounds checking on ICMPv6 Router Advertisement packets, which allows remote attackers to execute arbitrary code via crafted packets, aka "ICMPv6 Router Advertisement Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-0239 | Version: | 1 |
| Platform(s): | Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:8516 | |||
| Oval ID: | oval:org.mitre.oval:def:8516 | ||
| Title: | ICMPv6 Route Information Vulnerability | ||
| Description: | The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when IPv6 is enabled, does not properly perform bounds checking on ICMPv6 Route Information packets, which allows remote attackers to execute arbitrary code via crafted packets, aka "ICMPv6 Route Information Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-0241 | Version: | 1 |
| Platform(s): | Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:8524 | |||
| Oval ID: | oval:org.mitre.oval:def:8524 | ||
| Title: | SMB Memory Corruption Vulnerability | ||
| Description: | Multiple race conditions in the SMB implementation in the Server service in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allow remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 Negotiate packet, aka "SMB Memory Corruption Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-0021 | Version: | 3 |
| Platform(s): | Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 | Product(s): | |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
SAINT Exploits
| Description | Link |
|---|---|
| Microsoft PowerPoint OEPlaceholderAtom placementId memory corruption | More info here |
| Microsoft Office PowerPoint Viewer TextBytesAtom Record Buffer Overflow | More info here |
ExploitDB Exploits
| id | Description |
|---|---|
| 2010-10-17 | Windows NTLM Weak Nonce Vulnerability |
| 2010-04-17 | Windows 7/2008R2 SMB Client Trans2 Stack Overflow 10-020 PoC |
| 2010-01-19 | Windows NT - User Mode to Ring 0 Escalation Vulnerability |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2011-04-11 | Name : Microsoft Windows IPv4 Default Configuration Security Bypass Vulnerability File : nvt/gb_ms_windows_nic_security_bypass_vuln.nasl |
| 2010-11-25 | Name : Microsoft Windows TCP/IP Could Allow Remote Code Execution (974145) File : nvt/gb_ms10-009.nasl |
| 2010-10-22 | Name : Microsoft Windows SMB Server NTLM Multiple Vulnerabilities (971468) File : nvt/secpod_ms10-012-remote.nasl |
| 2010-06-09 | Name : Microsoft Data Analyzer and IE Developer Tools ActiveX Control Vulnerability ... File : nvt/secpod_ms10-034.nasl |
| 2010-02-10 | Name : Microsoft Windows Shell Handler Could Allow Remote Code Execution Vulnerabili... File : nvt/secpod_ms10-007.nasl |
| 2010-02-10 | Name : Microsoft Windows Kernel Could Allow Elevation of Privilege (977165) File : nvt/secpod_ms10-015.nasl |
| 2010-02-10 | Name : Microsoft Kerberos Denial of Service Vulnerability (977290) File : nvt/secpod_ms10-014.nasl |
| 2010-02-10 | Name : Microsoft DirectShow Remote Code Execution Vulnerability (977935) File : nvt/secpod_ms10-013.nasl |
| 2010-02-10 | Name : Microsoft Windows SMB Server Multiple Vulnerabilities (971468) File : nvt/secpod_ms10-012.nasl |
| 2010-02-10 | Name : Microsoft Client/Server Run-time Subsystem Privilege Elevation Vulnerability... File : nvt/secpod_ms10-011.nasl |
| 2010-02-10 | Name : Microsoft Data Analyzer ActiveX Control Vulnerability (978262) File : nvt/secpod_ms10-008.nasl |
| 2010-02-10 | Name : Microsoft SMB Client Remote Code Execution Vulnerabilities (978251) File : nvt/secpod_ms10-006.nasl |
| 2010-02-10 | Name : Microsoft Paint Remote Code Execution Vulnerability (978706) File : nvt/secpod_ms10-005.nasl |
| 2010-02-10 | Name : Microsoft Office PowerPoint Remote Code Execution Vulnerabilities (975416) File : nvt/secpod_ms10-004.nasl |
| 2010-02-10 | Name : Microsoft Office (MSO) Remote Code Execution Vulnerability (978214) File : nvt/secpod_ms10-003.nasl |
| 2010-01-22 | Name : Microsoft Internet Explorer Multiple Vulnerabilities (978207) File : nvt/secpod_ms10-002.nasl |
| 2010-01-22 | Name : Microsoft Windows GP Trap Handler Privilege Escalation Vulnerability File : nvt/gb_ms_kernel_prv_esc_vuln.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 62259 | Microsoft Windows Kernel Double-free Unspecified Local Privilege Escalation The Windows kernel contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is triggered by an unspecified double-free, allowing a local attacker to execute arbitrary code in kernel mode. |
| 62258 | Microsoft Windows Kerberos Ticket-Granting-Ticket Renewal Request NULL Derefe... Microsoft Windows Kerberos contains a flaw that may allow a remote denial of service. The issue is triggered by specially crafted Ticket-Granting-Ticket renewal requests by a client on a remote, non-Windows realm in a mixed-mode Kerberos implementation occurs, and will result in loss of availability for the Windows controller. |
| 62257 | Microsoft Windows DirectShow AVI File Decompression Overflow Windows is prone to an overflow condition. DirectShow fails to properly sanitize user-supplied input resulting in a heap overflow. With a specially crafted AVI file, a context-dependent attacker can potentially cause arbitrary code execution. |
| 62256 | Microsoft Windows SMB Server Crafted Network Message Remote Code Execution The SMB server in Microsoft Windows is prone to an overflow condition. The service fails to properly sanitize user-supplied input when handling path names resulting in an overflow. With a specially crafted SMB request, an authenticated attacker can potentially cause execution of arbitrary code or a denial of service. |
| 62255 | Microsoft Windows SMB Server Crafted Packet Handling Remote DoS |
| 62254 | Microsoft Windows SMB Server Crafted Packet Handling NULL Dereference Remote DoS |
| 62253 | Microsoft Windows SMB Server NTLM Authentication Nonce Entropy Weakness Flaws in Microsoft's implementation of the NTLM challenge-response authentication protocol causing the server to generate duplicate challenges/nonces and an information leak allow an unauthenticated remote attacker without any kind of credentials to access the SMB service of the target system under the credentials of an authorized user. Depending on the privileges of the user, the attacker will be able to obtain and modify files on the target system and execute arbitrary code. |
| 62252 | Microsoft Windows Client/Server Run-time Subsystem (CSRSS) Session Terminatio... |
| 62251 | Microsoft Windows Server 2008 Hyper-V Crafted Instruction Sequence DoS |
| 62250 | Microsoft Windows TCP/IP Stack ICMPv6 Router Advertisement Packet Handling Re... |
| 62249 | Microsoft Windows TCP/IP Stack ESP Over UDP Header MDL Fragmentation Remote C... |
| 62248 | Microsoft Windows TCP/IP Stack ICMPv6 Route Information Packet Handling Remot... |
| 62247 | Microsoft Windows TCP/IP Selective Acknowledgment (SACK) Value Handling Remot... |
| 62246 | Microsoft Data Analyzer ActiveX Web Page Handling Unspecified Arbitrary Code ... |
| 62245 | Microsoft Windows Shell Handler ShellExecute API Crafted URL Arbitrary Comman... |
| 62244 | Microsoft Windows SMB Client Negotiate Protocol Response Handling Remote Code... |
| 62243 | Microsoft Windows SMB Client Packet Handling Race Condition Remote Privilege ... Windows contains a flaw that may allow a remote attacker to execute arbitrary code or allow a local attacker to elevate privileges. The issue is triggered by a specially crafted SMB response to client-initiated SMB request or specially crafted SMB negotiate responses. |
| 62242 | Microsoft Windows Paint JPEG Image Decoding Overflow Paint is prone to an overflow condition. The JPEG decoder fails to properly sanitize user-supplied input resulting in an integer overflow. With a specially crafted JPEG image file, a remote attacker can potentially cause arbitrary code execution within the context of the local user account. |
| 62241 | Microsoft Office Powerpoint TextBytesAtom Record Handling Remote Code Execution |
| 62240 | Microsoft Office Powerpoint TextCharsAtom Record Handling Remote Code Execution |
| 62239 | Microsoft Office Powerpoint File Path Handling Overflow |
| 62238 | Microsoft Office Powerpoint LinkedSlideAtom Handling Remote Code Execution |
| 62237 | Microsoft Office Powerpoint OEPlaceholderAtom placementId Parameter Handling ... |
| 62236 | Microsoft Office Powerpoint msofbtClientData Container OEPlaceholderAtom Use ... |
| 62235 | Microsoft Office Excel MSO.DLL OfficeArtSpgr Container Overflow |
| 61909 | Microsoft IE Unspecified Crafted URL Handling Arbitrary Code Execution |
| 61854 | Microsoft Windows #GP Trap Handler (nt!KiTrap0D) Local Privilege Escalation |
Information Assurance Vulnerability Management (IAVM)
| Date | Description |
|---|---|
| 2010-02-19 | IAVM : 2010-B-0013 - Microsoft Windows Kerberos Denial of Service Vulnerability Severity : Category II - VMSKEY : V0022675 |
| 2010-02-18 | IAVM : 2010-B-0014 - Microsoft Paint Remote Code Execution Vulnerability Severity : Category II - VMSKEY : V0022674 |
| 2010-02-18 | IAVM : 2010-B-0012 - Microsoft Windows Hyper-V Denial of Service Vulnerability Severity : Category II - VMSKEY : V0022676 |
| 2010-02-18 | IAVM : 2010-A-0025 - Microsoft DirectShow Remote Code Execution Vulnerability Severity : Category II - VMSKEY : V0022679 |
| 2010-02-18 | IAVM : 2010-A-0027 - Microsoft Office Remote Code Execution Vulnerability Severity : Category II - VMSKEY : V0022681 |
| 2010-02-18 | IAVM : 2010-A-0028 - Multiple Remote Vulnerabilities in Microsoft Office PowerPoint Severity : Category II - VMSKEY : V0022682 |
| 2010-02-18 | IAVM : 2010-A-0029 - Microsoft Windows Shell Handler Remote Code Execution Vulnerability Severity : Category II - VMSKEY : V0022683 |
| 2010-02-18 | IAVM : 2010-A-0030 - Multiple Vulnerabilities in Microsoft Windows TCP/IP Severity : Category I - VMSKEY : V0022684 |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2020-03-19 | Microsoft Windows Data Analyzer 3.5 ActiveX clsid access RuleID : 53118 - Revision : 1 - Type : BROWSER-PLUGINS |
| 2020-03-19 | Microsoft Windows Data Analyzer 3.5 ActiveX use-after-free attempt RuleID : 53117 - Revision : 1 - Type : BROWSER-PLUGINS |
| 2020-03-19 | Microsoft Windows Data Analyzer 3.5 ActiveX use-after-free attempt RuleID : 53116 - Revision : 1 - Type : BROWSER-PLUGINS |
| 2019-11-19 | Microsoft Office PowerPoint out of bounds value remote code execution attempt RuleID : 51947 - Revision : 1 - Type : FILE-OFFICE |
| 2019-11-19 | Microsoft Office PowerPoint out of bounds value remote code execution attempt RuleID : 51946 - Revision : 1 - Type : FILE-OFFICE |
| 2018-06-12 | SMB client NULL deref race condition attempt RuleID : 46637 - Revision : 1 - Type : NETBIOS |
| 2017-10-10 | Microsoft DirectShow memory corruption attempt RuleID : 44306 - Revision : 2 - Type : OS-WINDOWS |
| 2017-10-10 | Microsoft DirectShow memory corruption attempt RuleID : 44305 - Revision : 2 - Type : OS-WINDOWS |
| 2017-10-10 | Microsoft Office PowerPoint invalid TextByteAtom remote code execution attempt RuleID : 44280 - Revision : 1 - Type : FILE-OFFICE |
| 2017-10-03 | Microsoft Windows Shell Handler remote code execution attempt RuleID : 44218 - Revision : 1 - Type : OS-WINDOWS |
| 2017-10-03 | Microsoft Windows Shell Handler remote code execution attempt RuleID : 44217 - Revision : 1 - Type : OS-WINDOWS |
| 2017-10-03 | Microsoft Windows Shell Handler remote code execution attempt RuleID : 44216 - Revision : 1 - Type : OS-WINDOWS |
| 2017-01-25 | Microsoft Office PowerPoint improper filename remote code execution attempt RuleID : 41094 - Revision : 2 - Type : FILE-OFFICE |
| 2016-03-14 | Microsoft Office PowerPoint out of bounds value remote code execution attempt RuleID : 36888 - Revision : 2 - Type : FILE-OFFICE |
| 2016-03-14 | Microsoft Windows Paint jpeg with malformed SOFx field integer overflow attempt RuleID : 36884 - Revision : 1 - Type : FILE-IMAGE |
| 2016-03-14 | Microsoft Windows Paint JPEG with malformed SOFx field integer overflow attempt RuleID : 36818 - Revision : 1 - Type : FILE-IMAGE |
| 2016-03-14 | Microsoft Windows Paint JPEG with malformed SOFx field integer overflow attempt RuleID : 36817 - Revision : 1 - Type : FILE-IMAGE |
| 2014-11-16 | Microsoft Office Malformed MSODrawing Record attempt RuleID : 31462 - Revision : 3 - Type : FILE-OFFICE |
| 2014-11-16 | Microsoft Office Excel Malformed MSODrawing Record attempt RuleID : 31461 - Revision : 3 - Type : FILE-OFFICE |
| 2014-11-16 | Microsoft Office PowerPoint improper filename remote code execution attempt RuleID : 31437 - Revision : 2 - Type : FILE-OFFICE |
| 2014-06-07 | Microsoft Office PowerPoint out of bounds value remote code execution attempt RuleID : 30941 - Revision : 3 - Type : FILE-OFFICE |
| 2014-01-10 | Microsoft Office PowerPoint TextCharsAtom record buffer overflow attempt RuleID : 25527 - Revision : 5 - Type : FILE-OFFICE |
| 2014-01-10 | Microsoft Office Malformed MSODrawing Record attempt RuleID : 23270 - Revision : 4 - Type : FILE-OFFICE |
| 2014-01-10 | Microsoft Office embedded Office Art drawings execution attempt RuleID : 22037 - Revision : 3 - Type : FILE-OFFICE |
| 2014-01-10 | Microsoft Office PowerPoint out of bounds value remote code execution attempt RuleID : 20590 - Revision : 12 - Type : FILE-OFFICE |
| 2014-01-10 | Microsoft Office PowerPoint TextCharsAtom record buffer overflow attempt RuleID : 19894 - Revision : 18 - Type : FILE-OFFICE |
| 2014-01-10 | Microsoft Office embedded Office Art drawings execution attempt RuleID : 19443 - Revision : 8 - Type : FILE-OFFICE |
| 2014-01-10 | Microsoft Office embedded Office Art drawings execution attempt RuleID : 19442 - Revision : 14 - Type : FILE-OFFICE |
| 2014-01-10 | Microsoft Office PowerPoint out of bounds value remote code execution attempt RuleID : 19303 - Revision : 17 - Type : FILE-OFFICE |
| 2014-01-10 | Microsoft Office PowerPoint improper filename remote code execution attempt RuleID : 19296 - Revision : 15 - Type : FILE-OFFICE |
| 2014-01-10 | Microsoft Windows Paint jpeg with malformed SOFx field integer overflow attempt RuleID : 19130 - Revision : 17 - Type : FILE-IMAGE |
| 2014-01-10 | Microsoft Windows Hypervisor vfd download attempt RuleID : 18396 - Revision : 10 - Type : OS-WINDOWS |
| 2014-01-10 | Microsoft Windows Ipv6pHandleRouterAdvertisement Route Information stack buff... RuleID : 18249 - Revision : 6 - Type : PROTOCOL-ICMP |
| 2014-01-10 | possible SMB replay attempt - overlapping encryption keys detected RuleID : 17723 - Revision : 12 - Type : OS-WINDOWS |
| 2014-01-10 | Microsoft Windows Paint JPEG with malformed SOFx field integer overflow attempt RuleID : 16422 - Revision : 19 - Type : FILE-IMAGE |
| 2014-01-10 | Microsoft Office PowerPoint out of bounds value remote code execution attempt RuleID : 16421 - Revision : 18 - Type : FILE-OFFICE |
| 2014-01-10 | Microsoft Data Analyzer 3.5 ActiveX clsid unicode access RuleID : 16420 - Revision : 5 - Type : WEB-ACTIVEX |
| 2014-01-10 | Microsoft Windows Data Analyzer 3.5 ActiveX clsid access RuleID : 16419 - Revision : 15 - Type : BROWSER-PLUGINS |
| 2014-01-10 | SMB client NULL deref race condition attempt RuleID : 16418 - Revision : 10 - Type : NETBIOS |
| 2014-01-10 | Microsoft Windows SMB Negotiate Protocol Response overflow attempt RuleID : 16417 - Revision : 12 - Type : OS-WINDOWS |
| 2014-01-10 | Microsoft Office Excel Malformed MSODrawing Record attempt RuleID : 16416 - Revision : 17 - Type : FILE-OFFICE |
| 2014-01-10 | Microsoft DirectShow memory corruption attempt RuleID : 16415 - Revision : 9 - Type : OS-WINDOWS |
| 2014-01-10 | Microsoft Windows Shell Handler remote code execution attempt RuleID : 16414 - Revision : 14 - Type : OS-WINDOWS |
| 2015-05-28 | Microsoft PowerPoint unbound memcpy and remote code execution attempt RuleID : 16413 - Revision : 6 - Type : WEB-CLIENT |
| 2014-01-10 | Microsoft Office PowerPoint invalid TextByteAtom remote code execution attempt RuleID : 16412 - Revision : 19 - Type : FILE-OFFICE |
| 2014-01-10 | Microsoft Office PowerPoint out of bounds value remote code execution attempt RuleID : 16411 - Revision : 15 - Type : FILE-OFFICE |
| 2014-01-10 | Microsoft Office PowerPoint file LinkedSlide10Atom record parsing heap corrup... RuleID : 16410 - Revision : 12 - Type : FILE-OFFICE |
| 2014-01-10 | Microsoft Office PowerPoint improper filename remote code execution attempt RuleID : 16409 - Revision : 14 - Type : FILE-OFFICE |
| 2014-01-10 | Microsoft Windows TCP SACK invalid range denial of service attempt RuleID : 16408 - Revision : 14 - Type : OS-WINDOWS |
| 2014-01-10 | Microsoft Windows Ipv6pHandleRouterAdvertisement Prefix Information stack buf... RuleID : 16405 - Revision : 6 - Type : PROTOCOL-ICMP |
| 2014-01-10 | Microsoft Windows SMB unicode invalid server name share access RuleID : 16404 - Revision : 12 - Type : OS-WINDOWS |
| 2014-01-10 | Microsoft Windows SMB unicode andx invalid server name share access RuleID : 16403 - Revision : 12 - Type : OS-WINDOWS |
| 2014-01-10 | Microsoft Windows SMB invalid server name share access RuleID : 16402 - Revision : 12 - Type : OS-WINDOWS |
| 2014-01-10 | Microsoft Windows SMB andx invalid server name share access RuleID : 16401 - Revision : 12 - Type : OS-WINDOWS |
| 2014-01-10 | Microsoft Windows SMB unicode invalid server name share access RuleID : 16400 - Revision : 14 - Type : OS-WINDOWS |
| 2014-01-10 | Microsoft Windows SMB unicode andx invalid server name share access RuleID : 16399 - Revision : 14 - Type : OS-WINDOWS |
| 2014-01-10 | Microsoft Windows SMB invalid server name share access RuleID : 16398 - Revision : 14 - Type : OS-WINDOWS |
| 2014-01-10 | Microsoft Windows SMB andx invalid server name share access RuleID : 16397 - Revision : 14 - Type : OS-WINDOWS |
| 2014-01-10 | SMB server srvnet.sys driver race condition attempt RuleID : 16396 - Revision : 5 - Type : NETBIOS |
| 2014-01-10 | Microsoft Windows SMB COPY command oversized pathname attempt RuleID : 16395 - Revision : 7 - Type : OS-WINDOWS |
| 2014-01-10 | Active Directory Kerberos referral TGT renewal DoS attempt RuleID : 16394 - Revision : 5 - Type : OS-WINDOWS |
| 2014-01-10 | Telnet-based NTLM replay attack attempt RuleID : 15847 - Revision : 14 - Type : OS-WINDOWS |
| 2014-01-10 | SMB replay attempt via NTLMSSP - overlapping encryption keys detected RuleID : 15453 - Revision : 16 - Type : OS-WINDOWS |
| 2014-01-10 | Web-based NTLM replay attack attempt RuleID : 15124 - Revision : 17 - Type : OS-WINDOWS |
| 2014-01-10 | possible SMB replay attempt - overlapping encryption keys detected RuleID : 15009 - Revision : 22 - Type : OS-WINDOWS |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2010-10-20 | Name : An application installed on the remote Mac OS X host is affected by multiple ... File : macosx_ms_office_feb2010.nasl - Type : ACT_GATHER_INFO |
| 2010-09-13 | Name : It is possible to execute arbitrary code on the remote Windows host due to fl... File : smb_kb971468.nasl - Type : ACT_GATHER_INFO |
| 2010-06-09 | Name : The remote Windows host is missing an update that disables selected ActiveX c... File : smb_nt_ms10-034.nasl - Type : ACT_GATHER_INFO |
| 2010-02-09 | Name : Arbitrary code can be executed on the remote host through Microsoft Office. File : smb_nt_ms10-003.nasl - Type : ACT_GATHER_INFO |
| 2010-02-09 | Name : Arbitrary code can be executed on the remote host through Microsoft PowerPoint. File : smb_nt_ms10-004.nasl - Type : ACT_GATHER_INFO |
| 2010-02-09 | Name : Arbitrary code can be executed on the remote host through Microsoft Paint. File : smb_nt_ms10-005.nasl - Type : ACT_GATHER_INFO |
| 2010-02-09 | Name : Arbitrary code can be executed on the remote host through its SMB client. File : smb_nt_ms10-006.nasl - Type : ACT_GATHER_INFO |
| 2010-02-09 | Name : An API function on the remote host has a code execution vulnerability. File : smb_nt_ms10-007.nasl - Type : ACT_GATHER_INFO |
| 2010-02-09 | Name : The remote Windows host is missing an update that disables selected ActiveX c... File : smb_nt_ms10-008.nasl - Type : ACT_GATHER_INFO |
| 2010-02-09 | Name : The remote host has multiple vulnerabilities in its TCP/IP implementation. File : smb_nt_ms10-009.nasl - Type : ACT_GATHER_INFO |
| 2010-02-09 | Name : A local attacker can crash the remote host. File : smb_nt_ms10-010.nasl - Type : ACT_GATHER_INFO |
| 2010-02-09 | Name : Users can elevate their privileges on the remote host. File : smb_nt_ms10-011.nasl - Type : ACT_GATHER_INFO |
| 2010-02-09 | Name : It is possible to execute arbitrary code on the remote Windows host due to fl... File : smb_nt_ms10-012.nasl - Type : ACT_GATHER_INFO |
| 2010-02-09 | Name : It is possible to execute arbitrary code on the remote Windows host using Dir... File : smb_nt_ms10-013.nasl - Type : ACT_GATHER_INFO |
| 2010-02-09 | Name : It is possible to crash the remote service. File : smb_nt_ms10-014.nasl - Type : ACT_GATHER_INFO |
| 2010-02-09 | Name : The Windows kernel is affected by two vulnerabilities allowing a local attack... File : smb_nt_ms10-015.nasl - Type : ACT_GATHER_INFO |
| 2009-01-21 | Name : Arbitrary code can be executed on the remote host through a web browser. File : smb_nt_ms10-002.nasl - Type : ACT_GATHER_INFO |
