Executive Summary
| Summary | |
|---|---|
| Title | Microsoft Updates for Multiple Vulnerabilities |
| Informations | |||
|---|---|---|---|
| Name | TA10-103A | First vendor Publication | 2010-04-13 |
| Vendor | US-CERT | Last vendor Modification | 2010-04-13 |
| Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 10 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Microsoft has released updates to address vulnerabilities in Microsoft Windows, Microsoft Office, and Microsoft Exchange. I. Description Microsoft has released security bulletins for multiple vulnerabilities in Microsoft Windows, Microsoft Windows Media Server on Windows 2000 Server, Microsoft Office Publisher, Microsoft Office Visio, and Microsoft Exchange. These bulletins are described in the Microsoft Security Bulletin Summary for April II. Impact A remote, unauthenticated attacker could execute arbitrary code, cause a vulnerable application to crash, or spoof IPv4 addresses. III. Solution Apply updates from Microsoft Microsoft has provided updates for these vulnerabilities in the Microsoft Security Bulletin Summary for April 2010. The security bulletin describes any known issues related to the updates. |
Original Source
| Url : http://www.us-cert.gov/cas/techalerts/TA10-103A.html |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 36 % | CWE-20 | Improper Input Validation |
| 23 % | CWE-399 | Resource Management Errors |
| 14 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 14 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
| 9 % | CWE-264 | Permissions, Privileges, and Access Controls |
| 5 % | CWE-200 | Information Exposure |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:12175 | |||
| Oval ID: | oval:org.mitre.oval:def:12175 | ||
| Title: | SMTP Memory Allocation Vulnerability | ||
| Description: | The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2000 SP3, does not properly allocate memory for SMTP command replies, which allows remote attackers to read fragments of e-mail messages by sending a series of invalid commands and then sending a STARTTLS command, aka "SMTP Memory Allocation Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-0025 | Version: | 13 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 | Product(s): | SMTP Microsoft Exchange Server 2000 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:6732 | |||
| Oval ID: | oval:org.mitre.oval:def:6732 | ||
| Title: | Visio Index Calculation Memory Corruption Vulnerability | ||
| Description: | Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly calculate unspecified indexes associated with Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Visio Index Calculation Memory Corruption Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-0256 | Version: | 5 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 | Product(s): | Microsoft Office Visio 2002 Microsoft Office Visio 2003 Microsoft Office Visio 2007 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:6770 | |||
| Oval ID: | oval:org.mitre.oval:def:6770 | ||
| Title: | Windows Virtual Path Parsing Vulnerability | ||
| Description: | The kernel in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly translate a registry key's virtual path to its real path, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Virtual Path Parsing Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-0481 | Version: | 5 |
| Platform(s): | Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:6787 | |||
| Oval ID: | oval:org.mitre.oval:def:6787 | ||
| Title: | WinVerifyTrust Signature Validation Vulnerability | ||
| Description: | The WinVerifyTrust function in Authenticode Signature Verification 5.1, 6.0, and 6.1 in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly use unspecified fields in a file digest, which allows user-assisted remote attackers to execute arbitrary code via a modified (1) Portable Executable (PE) or (2) cabinet (aka .CAB) file that incorrectly appears to have a valid signature, aka "WinVerifyTrust Signature Validation Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-0486 | Version: | 10 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 | Product(s): | Authenticode Signature Verification |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:6793 | |||
| Oval ID: | oval:org.mitre.oval:def:6793 | ||
| Title: | Windows Kernel Registry Key Vulnerability | ||
| Description: | Unspecified vulnerability in registry-key validation in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Registry Key Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-0238 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:6814 | |||
| Oval ID: | oval:org.mitre.oval:def:6814 | ||
| Title: | Windows Kernel Null Pointer Vulnerability | ||
| Description: | The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not properly validate a registry-key argument to an unspecified system call, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Null Pointer Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-0234 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:6819 | |||
| Oval ID: | oval:org.mitre.oval:def:6819 | ||
| Title: | Visio Attribute Validation Memory Corruption Vulnerability | ||
| Description: | Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly validate attributes in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Visio Attribute Validation Memory Corruption Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-0254 | Version: | 5 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 | Product(s): | Microsoft Office Visio 2002 Microsoft Office Visio 2003 Microsoft Office Visio 2007 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:6859 | |||
| Oval ID: | oval:org.mitre.oval:def:6859 | ||
| Title: | SMB Client Message Size Vulnerability | ||
| Description: | The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does not properly handle (1) SMBv1 and (2) SMBv2 response packets, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted packet that causes the client to read the entirety of the response, and then improperly interact with the Winsock Kernel (WSK), aka "SMB Client Message Size Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-0477 | Version: | 5 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:6886 | |||
| Oval ID: | oval:org.mitre.oval:def:6886 | ||
| Title: | Cabview Corruption Validation Vulnerability | ||
| Description: | The Authenticode Signature verification functionality in cabview.dll in Cabinet File Viewer Shell Extension 5.1, 6.0, and 6.1 in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly use unspecified fields in a file digest, which allows remote attackers to execute arbitrary code via a modified cabinet (aka .CAB) file that incorrectly appears to have a valid signature, aka "Cabview Corruption Validation Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-0487 | Version: | 10 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 | Product(s): | Cabinet File Viewer Shell Extension |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:6918 | |||
| Oval ID: | oval:org.mitre.oval:def:6918 | ||
| Title: | SMB Client Response Parsing Vulnerability | ||
| Description: | The SMB client in Microsoft Windows Server 2003 SP2, Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2 allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and reboot) via a crafted SMB transaction response that uses (1) SMBv1 or (2) SMBv2, aka "SMB Client Response Parsing Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-0476 | Version: | 8 |
| Platform(s): | Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:7001 | |||
| Oval ID: | oval:org.mitre.oval:def:7001 | ||
| Title: | Media Services Stack-based Buffer Overflow Vulnerability | ||
| Description: | Stack-based buffer overflow in nsum.exe in the Windows Media Unicast Service in Media Services for Microsoft Windows 2000 Server SP4 allows remote attackers to execute arbitrary code via crafted packets associated with transport information, aka "Media Services Stack-based Buffer Overflow Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-0478 | Version: | 5 |
| Platform(s): | Microsoft Windows 2000 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:7012 | |||
| Oval ID: | oval:org.mitre.oval:def:7012 | ||
| Title: | Windows Kernel Exception Handler Vulnerability | ||
| Description: | The kernel in Microsoft Windows Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2, does not properly handle unspecified exceptions, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Exception Handler Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-0810 | Version: | 3 |
| Platform(s): | Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:7067 | |||
| Oval ID: | oval:org.mitre.oval:def:7067 | ||
| Title: | SMTP Server MX Record Vulnerability | ||
| Description: | The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2003 SP2, does not properly parse MX records, which allows remote DNS servers to cause a denial of service (service outage) via a crafted response to a DNS MX record query, aka "SMTP Server MX Record Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-0024 | Version: | 11 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 | Product(s): | SMTP Microsoft Exchange Server 2003 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:7113 | |||
| Oval ID: | oval:org.mitre.oval:def:7113 | ||
| Title: | Windows Kernel Memory Allocation Vulnerability | ||
| Description: | The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold does not properly allocate memory for the destination key associated with a symbolic-link registry key, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Allocation Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-0236 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:7129 | |||
| Oval ID: | oval:org.mitre.oval:def:7129 | ||
| Title: | SMB Client Memory Allocation Vulnerability | ||
| Description: | The SMB client in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly allocate memory for SMB responses, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Client Memory Allocation Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-0269 | Version: | 8 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:7130 | |||
| Oval ID: | oval:org.mitre.oval:def:7130 | ||
| Title: | Windows Kernel Symbolic Link Creation Vulnerability | ||
| Description: | The kernel in Microsoft Windows 2000 SP4 and XP SP2 and SP3 allows local users to gain privileges by creating a symbolic link from an untrusted registry hive to a trusted registry hive, aka "Windows Kernel Symbolic Link Creation Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-0237 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:7141 | |||
| Oval ID: | oval:org.mitre.oval:def:7141 | ||
| Title: | Publisher Object Handler Validation Vulnerability | ||
| Description: | Buffer overflow in Microsoft Office Publisher 2002 SP3, 2003 SP3, and 2007 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Microsoft Office Publisher File Conversion TextBox Processing Buffer Overflow Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-0479 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Microsoft Office Publisher 2002 Microsoft Office Publisher 2003 Microsoft Office Publisher 2007 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:7164 | |||
| Oval ID: | oval:org.mitre.oval:def:7164 | ||
| Title: | SMB Client Transaction Vulnerability | ||
| Description: | The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate fields in SMB transaction responses, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and reboot) via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Client Transaction Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-0270 | Version: | 5 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:7170 | |||
| Oval ID: | oval:org.mitre.oval:def:7170 | ||
| Title: | VBScript Help Keypress Vulnerability | ||
| Description: | vbscript.dll in VBScript 5.1, 5.6, 5.7, and 5.8 in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, allows user-assisted remote attackers to execute arbitrary code by referencing a (1) local pathname, (2) UNC share pathname, or (3) WebDAV server with a crafted .hlp file in the fourth argument (aka helpfile argument) to the MsgBox function, leading to code execution involving winhlp32.exe when the F1 key is pressed, aka "VBScript Help Keypress Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-0483 | Version: | 12 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 | Product(s): | VBScript 5.1 VBScript 5.6 VBScript 5.7 VBScript 5.8 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:7176 | |||
| Oval ID: | oval:org.mitre.oval:def:7176 | ||
| Title: | Windows Kernel Malformed Image Vulnerability | ||
| Description: | The kernel in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate relocation sections of image files, which allows local users to cause a denial of service (reboot) via a crafted file, aka "Windows Kernel Malformed Image Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-0482 | Version: | 5 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:7186 | |||
| Oval ID: | oval:org.mitre.oval:def:7186 | ||
| Title: | SMB Client Incomplete Response Vulnerability | ||
| Description: | The SMB client in the kernel in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB servers and man-in-the-middle attackers to cause a denial of service (infinite loop and system hang) via a (1) SMBv1 or (2) SMBv2 response packet that contains (a) an incorrect length value in a NetBIOS header or (b) an additional length field at the end of this response packet, aka "SMB Client Incomplete Response Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-3676 | Version: | 5 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:7281 | |||
| Oval ID: | oval:org.mitre.oval:def:7281 | ||
| Title: | Media Player Remote Code Execution Vulnerability | ||
| Description: | Unspecified vulnerability in the Windows Media Player ActiveX control in Windows Media Player (WMP) 9 on Microsoft Windows 2000 SP4 and XP SP2 and SP3 allows remote attackers to execute arbitrary code via crafted media content, aka "Media Player Remote Code Execution Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-0268 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP | Product(s): | Windows Media Player 9 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:7441 | |||
| Oval ID: | oval:org.mitre.oval:def:7441 | ||
| Title: | MPEG Layer-3 Audio Decoder Stack Overflow Vulnerability | ||
| Description: | Multiple stack-based buffer overflows in the MPEG Layer-3 audio codecs in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to execute arbitrary code via a crafted AVI file, aka "MPEG Layer-3 Audio Decoder Stack Overflow Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-0480 | Version: | 3 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:7509 | |||
| Oval ID: | oval:org.mitre.oval:def:7509 | ||
| Title: | Windows Kernel Symbolic Link Value Vulnerability | ||
| Description: | The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold does not perform the expected validation before creating a symbolic link, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Symbolic Link Value Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-0235 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:7574 | |||
| Oval ID: | oval:org.mitre.oval:def:7574 | ||
| Title: | ISATAP IPv6 Source Address Spoofing Vulnerability | ||
| Description: | Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to bypass intended IPv4 source-address restrictions via a mismatched IPv6 source address in a tunneled ISATAP packet, aka "ISATAP IPv6 Source Address Spoofing Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-0812 | Version: | 3 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:8654 | |||
| Oval ID: | oval:org.mitre.oval:def:8654 | ||
| Title: | Remote Code Execution vulnerability in VBScript | ||
| Description: | vbscript.dll in VBScript 5.1, 5.6, 5.7, and 5.8 in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, allows user-assisted remote attackers to execute arbitrary code by referencing a (1) local pathname, (2) UNC share pathname, or (3) WebDAV server with a crafted .hlp file in the fourth argument (aka helpfile argument) to the MsgBox function, leading to code execution involving winhlp32.exe when the F1 key is pressed, aka "VBScript Help Keypress Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-0483 | Version: | 1 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
SAINT Exploits
| Description | Link |
|---|---|
| Microsoft Publisher File Conversion Textbox buffer overflow | More info here |
| Windows Media Unicast Service transport information packet buffer overflow | More info here |
ExploitDB Exploits
| id | Description |
|---|---|
| 2011-08-13 | MS10-026 Microsoft MPEG Layer-3 Audio Stack Based Overflow |
| 2010-04-28 | Windows Media Services ConnectFunnel Stack Buffer Overflow |
| 2010-09-05 | MOAUB #5 - Microsoft MPEG Layer-3 Remote Command Execution Exploit |
| 2010-04-17 | Windows 7/2008R2 SMB Client Trans2 Stack Overflow 10-020 PoC |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2010-04-23 | Name : Microsoft Exchange and Windows SMTP Service Denial of Service Vulnerability (... File : nvt/secpod_ms10-024.nasl |
| 2010-04-22 | Name : Microsoft Windows SMTP Server MX Record Denial of Service Vulnerability File : nvt/gb_ms10_024.nasl |
| 2010-04-14 | Name : Microsoft Windows Authentication Verification Remote Code Execution Vulnerabi... File : nvt/secpod_ms10-019.nasl |
| 2010-04-14 | Name : Microsoft SMB Client Remote Code Execution Vulnerabilities (980232) File : nvt/secpod_ms10-020.nasl |
| 2010-04-14 | Name : Microsoft Windows Kernel Could Allow Elevation of Privilege (979683) File : nvt/secpod_ms10-021.nasl |
| 2010-04-14 | Name : Microsoft VBScript Scripting Engine Remote Code Execution Vulnerability (980232) File : nvt/secpod_ms10-022.nasl |
| 2010-04-14 | Name : Microsoft Office Publisher Remote Code Execution Vulnerability (981160) File : nvt/secpod_ms10-023.nasl |
| 2010-04-14 | Name : Microsoft Windows Media Services Remote Code Execution Vulnerability (980858) File : nvt/secpod_ms10-025.nasl |
| 2010-04-14 | Name : Microsoft MPEG Layer-3 Codecs Remote Code Execution Vulnerability (977816) File : nvt/secpod_ms10-026.nasl |
| 2010-04-14 | Name : Microsoft Windows Media Player Could Allow Remote Code Execution (979402) File : nvt/secpod_ms10-027.nasl |
| 2010-04-14 | Name : Microsoft Visio Remote Code Execution Vulnerabilities (980094) File : nvt/secpod_ms10-028.nasl |
| 2010-04-14 | Name : Microsoft 'ISATAP' Component Spoofing Vulnerability (978338) File : nvt/secpod_ms10-029.nasl |
| 2010-03-10 | Name : MS Internet Explorer 'VBScript' Remote Code Execution Vulnerability File : nvt/gb_ms_ie_vbscript_remote_code_exec_vuln.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 64928 | Microsoft Windows SMB Client Transaction Response Handling Memory Corruption ... The SMB client in Microsoft Windows allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and reboot) via a crafted SMB transaction response that uses SMB response |
| 64927 | Microsoft Windows SMB Client Transaction SMB_COM_TRANSACTION2 Response Handli... The SMB client in Microsoft Windows does not properly validate fields in SMB transaction responses, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and reboot) via a crafted SMB response |
| 64926 | Microsoft Windows SMB Client Unspecified Response Handling Memory Corruption ... The SMB client in Microsoft Windows does not properly handle SMB response packets, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted packet that causes the client to read the entirety of the response, and then improperly interact with the Winsock Kernel (WSK) |
| 64925 | Microsoft Windows SMB Client Unspecified Response Handling Memory Corruption ... The SMB client in Microsoft Windows does not properly allocate memory for SMB responses, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted SMB response |
| 63765 | Microsoft Windows Media Player ActiveX fourCC Compression Code Codec Retrieva... |
| 63749 | Microsoft Windows MPEG Layer-3 Audio Decoder AVI File Handling Overflow |
| 63748 | Microsoft Office Publisher 97 File Conversion TextBox Processing Overflow |
| 63747 | Microsoft Windows ISATAP Component IPv6 Tunneled Packet IP Address Spoofing W... |
| 63746 | Microsoft Windows Authenticode Signature Verification Cabview Manipulation Pr... |
| 63745 | Microsoft Windows Authenticode WinVerifyTrust Signature Manipulation Validati... |
| 63742 | Microsoft Office Visio Unspecified Index Calculation Memory Corruption |
| 63741 | Microsoft Office Visio Unspecified Attribute Validation Memory Corruption |
| 63739 | Microsoft Windows SMTP / Exchange Server Malformed Command Sequence Remote In... |
| 63738 | Microsoft Windows SMTP / Exchange Server DNS Mail Exchanger (MX) Resource Rec... |
| 63736 | Microsoft Windows Kernel Symbolic Link Value Processing Unspecified Local DoS |
| 63735 | Microsoft Windows Kernel Exception Handling Unspecified Local DoS |
| 63733 | Microsoft Windows Kernel Registry Link Symbolic Link Extraction Local Privile... |
| 63732 | Microsoft Windows Kernel Malformed Image Handling Local DoS |
| 63731 | Microsoft Windows Kernel Registry Hive Symbolic Link Creation Local Privilege... |
| 63730 | Microsoft Windows Kernel Registry Key Validation Unspecified Local DoS |
| 63729 | Microsoft Windows Kernel Virtual Path Parsing Local DoS |
| 63728 | Microsoft Windows Unspecified Kernel System Call Registry Handling Local DoS |
| 63726 | Microsoft Windows Media Unicast Service Transport Packet Handling Remote Over... Windows is prone to an overflow condition. The Windows Media Unicast Service fails to properly sanitize user-supplied input resulting in a stack overflow. With a specially crafted FunnelConnect request, a remote attacker can potentially cause arbitrary code execution. |
| 62632 | Microsoft Windows VBScript MsgBox() Function HLP File Arbitrary Command Execu... Windows contains a flaw that may allow a context-dependent attacker to execute arbitrary code. The issue is triggered when a user is convinced to press F1 in response to a MessageBox originated from VBscript within a web page. |
| 59957 | Microsoft Windows SMB Response Handling Remote DoS |
Information Assurance Vulnerability Management (IAVM)
| Date | Description |
|---|---|
| 2010-04-29 | IAVM : 2010-A-0068 - Microsoft Windows Media Services Remote Code Execution Vulnerability Severity : Category II - VMSKEY : V0024076 |
| 2010-04-15 | IAVM : 2010-B-0029 - Multiple Vulnerabilities in Microsoft Exchange and Windows SMTP Service Severity : Category II - VMSKEY : V0023955 |
| 2010-04-15 | IAVM : 2010-B-0030 - Microsoft Windows ISATAP Spoofing Vulnerability Severity : Category I - VMSKEY : V0023956 |
| 2010-04-15 | IAVM : 2010-A-0053 - Microsoft MPEG Layer-3 Codecs Remote Code Execution Vulnerability Severity : Category II - VMSKEY : V0023999 |
| 2010-04-15 | IAVM : 2010-A-0052 - Microsoft Windows Media Player Remote Code Execution Vulnerability Severity : Category II - VMSKEY : V0024002 |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2020-01-07 | Microsoft Windows and Server malformed header denial of service attempt RuleID : 52369 - Revision : 1 - Type : OS-WINDOWS |
| 2014-01-10 | (ipv6)ISATAP-addressedIPv6trafficspoofingattempt RuleID : 453 - Revision : 2 - Type : |
| 2016-04-09 | Microsoft Windows Media Player ActiveX unknown compression algorithm use afte... RuleID : 38144 - Revision : 1 - Type : BROWSER-PLUGINS |
| 2016-04-09 | Microsoft Windows Media Player ActiveX unknown compression algorithm use afte... RuleID : 38143 - Revision : 1 - Type : BROWSER-PLUGINS |
| 2016-04-09 | Microsoft Windows Media Player ActiveX unknown compression algorithm use afte... RuleID : 38142 - Revision : 1 - Type : BROWSER-PLUGINS |
| 2016-04-09 | Microsoft Windows Media Player ActiveX unknown compression algorithm use afte... RuleID : 38141 - Revision : 1 - Type : BROWSER-PLUGINS |
| 2014-03-27 | Microsoft Windows SMB2 client NetBufferList NULL entry remote code execution ... RuleID : 29943 - Revision : 3 - Type : OS-WINDOWS |
| 2014-01-10 | Microsoft Windows SMB2 client NetBufferList NULL entry remote code execution ... RuleID : 23237 - Revision : 8 - Type : OS-WINDOWS |
| 2014-01-10 | Microsoft Office Publisher 2007 and earlier stack buffer overflow attempt RuleID : 19414 - Revision : 15 - Type : FILE-OFFICE |
| 2014-01-10 | Microsoft Office Publisher 2007 and earlier stack buffer overflow attempt RuleID : 19413 - Revision : 16 - Type : FILE-OFFICE |
| 2014-01-10 | Microsoft Internet Explorer MsgBox arbitrary code execution attempt RuleID : 19204 - Revision : 11 - Type : BROWSER-IE |
| 2014-01-10 | Microsoft Internet Explorer MsgBox arbitrary code execution attempt RuleID : 19203 - Revision : 11 - Type : BROWSER-IE |
| 2014-01-10 | Microsoft Windows Media Player ActiveX unknown compression algorithm use afte... RuleID : 18542 - Revision : 13 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Windows SMB Negotiate Protocol response DoS attempt RuleID : 18195 - Revision : 7 - Type : OS-WINDOWS |
| 2014-01-10 | Microsoft Windows Media Player codec code execution attempt RuleID : 16543 - Revision : 16 - Type : FILE-MULTIMEDIA |
| 2014-01-10 | Microsoft Office Publisher 2007 and earlier stack buffer overflow attempt RuleID : 16542 - Revision : 20 - Type : FILE-OFFICE |
| 2014-01-10 | Microsoft Windows Media Service stack overflow attempt RuleID : 16541 - Revision : 14 - Type : OS-WINDOWS |
| 2014-01-10 | Microsoft Windows SMB2 client NetBufferList NULL entry remote code execution ... RuleID : 16540 - Revision : 18 - Type : OS-WINDOWS |
| 2014-01-10 | Microsoft Windows SMBv1 BytesNeeded ring0 buffer overflow attempt RuleID : 16539 - Revision : 8 - Type : OS-WINDOWS |
| 2014-01-10 | Microsoft Windows Media Player ActiveX unknown compression algorithm use afte... RuleID : 16537 - Revision : 14 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Office Visio off-by-one in array index code execution attempt RuleID : 16536 - Revision : 13 - Type : FILE-OFFICE |
| 2014-01-10 | Microsoft Office Visio improper attribute code execution attempt RuleID : 16535 - Revision : 13 - Type : FILE-OFFICE |
| 2014-01-10 | Windows Server2000/2003/2008 SMTP service DNS MX lookup denial of service att... RuleID : 16534 - Revision : 11 - Type : SERVER-OTHER |
| 2014-01-10 | SMB client TRANS response ring0 remote code execution attempt RuleID : 16532 - Revision : 6 - Type : NETBIOS |
| 2014-01-10 | SMB client TRANS response ring0 remote code execution attempt RuleID : 16531 - Revision : 11 - Type : NETBIOS |
| 2014-01-10 | CAB SIP authenticode alteration attempt RuleID : 16530 - Revision : 9 - Type : OS-WINDOWS |
| 2014-01-10 | Microsoft Windows SMB Negotiate Protocol response DoS attempt - empty SMB 2 RuleID : 16454 - Revision : 8 - Type : OS-WINDOWS |
| 2014-01-10 | SMB Negotiate Protocol response DoS attempt - empty SMB 1 RuleID : 16453 - Revision : 4 - Type : SPECIFIC-THREATS |
| 2014-01-10 | Microsoft Internet Explorer .hlp samba share download attempt RuleID : 16452 - Revision : 13 - Type : BROWSER-IE |
| 2014-01-10 | Microsoft Windows SMB Negotiate Protocol response DoS attempt RuleID : 16287 - Revision : 8 - Type : OS-WINDOWS |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2018-04-03 | Name : The remote mail server may be affected by multiple vulnerabilities. File : exchange_ms10-024.nasl - Type : ACT_GATHER_INFO |
| 2010-04-27 | Name : The remote media service is affected by a remote code execution vulnerability. File : smb_kb_980858.nasl - Type : ACT_GATHER_INFO |
| 2010-04-13 | Name : The remote Windows host has multiple code execution vulnerabilities. File : smb_nt_ms10-019.nasl - Type : ACT_GATHER_INFO |
| 2010-04-13 | Name : Arbitrary code can be executed on the remote host through the installed SMB c... File : smb_nt_ms10-020.nasl - Type : ACT_GATHER_INFO |
| 2010-04-13 | Name : The Windows kernel is affected by eight vulnerabilities, including some that ... File : smb_nt_ms10-021.nasl - Type : ACT_GATHER_INFO |
| 2010-04-13 | Name : Arbitrary code can be executed on the remote host through the installed VBScr... File : smb_nt_ms10-022.nasl - Type : ACT_GATHER_INFO |
| 2010-04-13 | Name : The version of Microsoft Office installed on the remote host has a buffer ove... File : smb_nt_ms10-023.nasl - Type : ACT_GATHER_INFO |
| 2010-04-13 | Name : The remote mail server may be affected by multiple vulnerabilities. File : smb_nt_ms10-024.nasl - Type : ACT_GATHER_INFO |
| 2010-04-13 | Name : The remote media service has a buffer overflow vulnerability. File : smb_nt_ms10-025.nasl - Type : ACT_GATHER_INFO |
| 2010-04-13 | Name : An audio codec on the remote Windows host has a buffer overflow vulnerability. File : smb_nt_ms10-026.nasl - Type : ACT_GATHER_INFO |
| 2010-04-13 | Name : The remote Windows host has an ActiveX control that is affected by a code exe... File : smb_nt_ms10-027.nasl - Type : ACT_GATHER_INFO |
| 2010-04-13 | Name : Arbitrary code can be executed on the remote Windows host through Visio. File : smb_nt_ms10-028.nasl - Type : ACT_GATHER_INFO |
| 2010-04-13 | Name : The remote host is vulnerable to network spoofing attacks. File : smb_nt_ms10-029.nasl - Type : ACT_GATHER_INFO |
| 2010-04-13 | Name : The remote mail server may be affected by multiple vulnerabilities. File : smtp_kb981832.nasl - Type : ACT_GATHER_INFO |
