9.3 - TA10-194A

Executive Summary

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.

Summary
Title	Microsoft Updates for Multiple Vulnerabilities

Informations
Name	TA10-194A	First vendor Publication	2010-07-13
Vendor	US-CERT	Last vendor Modification	2010-07-13
Severity (Vendor)	N/A	Revision	N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score	9.3	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Microsoft has released updates to address vulnerabilities in Microsoft Windows and Microsoft Office.

I. Description

The Microsoft Security Bulletin Summary for July 2010 describes multiple vulnerabilities in Microsoft Windows and Microsoft Office.
Microsoft has released updates to address the vulnerabilities.

One of the bulletins released, MS10-042, addresses a previously identified vulnerability in the Windows Help and Support Center that is actively being exploited. This vulnerability was also described in US-CERT Vulnerability Note VU#578319.

II. Impact

A remote, unauthenticated attacker could execute arbitrary code or cause a vulnerable system or application to crash.

III. Solution

Apply updates

Microsoft has provided updates for these vulnerabilities in the Microsoft Security Bulletin Summary for July 2010. The security bulletin describes any known issues related to the updates.
Administrators are encouraged to note these issues and test for any potentially adverse effects. Administrators should consider using an automated update distribution system such as Windows Server Update Services (WSUS).

Original Source

Url : http://www.us-cert.gov/cas/techalerts/TA10-194A.html

CWE : Common Weakness Enumeration

%	Id	Name
60 %	CWE-94	Failure to Control Generation of Code ('Code Injection')
20 %	CWE-189	Numeric Errors (CWE/SANS Top 25)
20 %	CWE-78	Improper Sanitization of Special Elements used in an OS Command ('OS Command Injection') (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:11623

Oval ID:	oval:org.mitre.oval:def:11623
Title:	Microsoft Outlook SMB Attachment Vulnerability
Description:	Microsoft Office Outlook 2002 SP3, 2003 SP3, and 2007 SP1 and SP2 does not properly verify e-mail attachments with a PR_ATTACH_METHOD property value of ATTACH_BY_REFERENCE, which allows user-assisted remote attackers to execute arbitrary code via a crafted message, aka "Microsoft Outlook SMB Attachment Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2010-0266	Version:	5
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7	Product(s):	Microsoft Outlook 2002 Microsoft Outlook 2003 Microsoft Outlook 2007
Definition Synopsis:
Outlook 2002 Microsoft Outlook 2002 is installed AND the version of Outllib.dll is less than 10.0.6863.0 OR Outlook 2003 Microsoft Outlook 2003 is installed AND the version of Outllib.dll is less than 11.0.8325.0 OR Outlook 2007 Microsoft Outlook 2007 is installed AND the version of Outlook.exe is less than 12.0.6535.5005

Definition Id: oval:org.mitre.oval:def:11733

Oval ID:	oval:org.mitre.oval:def:11733
Title:	Help Center URL Validation Vulnerability
Description:	The MPC::HexToNum function in helpctr.exe in Microsoft Windows Help and Support Center in Windows XP and Windows Server 2003 does not properly handle malformed escape sequences, which allows remote attackers to bypass the trusted documents whitelist (fromHCP option) and execute arbitrary commands via a crafted hcp:// URL, aka "Help Center URL Validation Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2010-1885	Version:	3
Platform(s):	Microsoft Windows XP Microsoft Windows Server 2003	Product(s):
Definition Synopsis:
Vulnerable Microsoft Windows XP (x86) SP2 Microsoft Windows XP (x86) SP2 is installed AND Helpsvc.exe version is less than 5.1.2600.3720 OR Vulnerable Microsoft Windows XP (x86) SP3 Microsoft Windows XP (x86) SP3 is installed AND Helpsvc.exe version is less than 5.1.2600.5997 OR Vulnerable Microsoft Windows XP x64 SP2, Server 2003 x86/x64/ia64 SP2 IF Microsoft Windows XP x64 Edition SP2 is installed AND Microsoft Windows Server 2003 SP2 (x86) is installed AND Microsoft Windows Server 2003 SP2 (x64) is installed AND Microsoft Windows Server 2003 (ia64) SP2 is installed AND Helpsvc.exe version is less than 5.2.3790.4726

Definition Id: oval:org.mitre.oval:def:11756

Oval ID:	oval:org.mitre.oval:def:11756
Title:	ACCWIZ.dll Uninitialized Variable Vulnerability
Description:	The FieldList ActiveX control in the Microsoft Access Wizard Controls in ACCWIZ.dll in Microsoft Office Access 2003 SP3 does not properly interact with the memory-access approach used by Internet Explorer and Office during instantiation, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an HTML document that references this control along with crafted persistent storage data, aka "ACCWIZ.dll Uninitialized Variable Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2010-1881	Version:	7
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7	Product(s):	Microsoft Access 2003
Definition Synopsis:
Access 2003 SP3 or greater is installed AND Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\11.0\Access\InstallRoot!Path exists AND Accwiz.dll version is less than 11.0.8325.0

Definition Id: oval:org.mitre.oval:def:11907

Oval ID:	oval:org.mitre.oval:def:11907
Title:	Access ActiveX Control Vulnerability
Description:	The Microsoft Access Wizard Controls in ACCWIZ.dll in Microsoft Office Access 2003 SP3 and 2007 SP1 and SP2 do not properly interact with the memory-allocation approach used by Internet Explorer during instantiation, which allows remote attackers to execute arbitrary code via a web site that references multiple ActiveX controls, as demonstrated by the ImexGrid and FieldList controls, aka "Access ActiveX Control Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2010-0814	Version:	7
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7	Product(s):	Microsoft Access 2003 Microsoft Access 2007
Definition Synopsis:
Vulnerable Access 2003 Access 2003 SP3 or greater is installed AND Accwiz.dll version is less than 11.0.8325.0 AND Check if HKLM\SOFTWARE\Microsoft\Office\11.0\Access\InstallRoot!Path (32-bit) exists OR Vulnerable Access 2007 Microsoft Access 2007 is installed AND MSACCESS.EXE version is less than 12.0.6535.5005

Definition Id: oval:org.mitre.oval:def:7195

Oval ID:	oval:org.mitre.oval:def:7195
Title:	Remote code execution vulnerability in Canonical Display Driver
Description:	Integer overflow in cdd.dll in the Canonical Display Driver (CDD) in Microsoft Windows Server 2008 R2 and Windows 7 on 64-bit platforms, when the Windows Aero theme is installed, allows context-dependent attackers to cause a denial of service (reboot) or possibly execute arbitrary code via a crafted image file that triggers incorrect data parsing after user-mode data is copied to kernel mode, as demonstrated using "Browse with Irfanview" and certain actions on a folder containing a large number of thumbnail images in Resample mode, possibly related to the ATI graphics driver or win32k.sys, aka "Canonical Display Driver Integer Overflow Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2009-3678	Version:	7
Platform(s):	Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2	Product(s):
Definition Synopsis:
IF Microsoft Windows 7 x64 Edition is installed AND Microsoft Windows Server 2008 R2 x64 Edition is installed AND GDR or LDR update has been applied Cdd.dll version is less than 6.1.7600.16595 OR LDR Cdd.dll version is greater than or equal to 6.1.7600.20000 AND Cdd.dll version is less than 6.1.7600.20715

CPE : Common Platform Enumeration

Type	Description	Count
Application	Microsoft Access cpe:2.3:a:microsoft:access:2007:sp2:::::: cpe:2.3:a:microsoft:access:2007:sp1:::::: cpe:2.3:a:microsoft:access:2003:sp3::::::	3
Application	Microsoft Outlook cpe:2.3:a:microsoft:outlook:2007:sp2:::::: cpe:2.3:a:microsoft:outlook:2007:sp1:::::: cpe:2.3:a:microsoft:outlook:2003:sp3:::::: cpe:2.3:a:microsoft:outlook:2002:sp3::::::	4
Os	Microsoft Windows 2003 Server cpe:2.3:o:microsoft:windows_2003_server::sp2::::::* cpe:2.3:o:microsoft:windows_2003_server::sp2:itanium:::::	2
Os	Microsoft Windows 7 cpe:2.3:o:microsoft:windows_7:-:::::::*	1
Os	Microsoft Windows Server 2003 cpe:2.3:o:microsoft:windows_server_2003::sp2::::::*	1
Os	Microsoft Windows Server 2008 cpe:2.3:o:microsoft:windows_server_2008:r2::::::x64:	1
Os	Microsoft Windows Xp cpe:2.3:o:microsoft:windows_xp::sp3::::::* cpe:2.3:o:microsoft:windows_xp::sp2::::::* cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:::::*	3

SAINT Exploits

Description	Link
Microsoft Outlook SMB Attachment ATTACH_BY_REFERENCE vulnerability	More info here
Windows Help and Support Center -FromHCP URL whitelist bypass	More info here

OpenVAS Exploits

Date	Description
2010-07-14	Name : Microsoft Help and Support Center Remote Code Execution Vulnerability (2229593) File : nvt/secpod_ms10-042.nasl
2010-07-14	Name : MS Office Access ActiveX Controls Remote Code Execution Vulnerabilities(982335) File : nvt/secpod_ms10-044.nasl
2010-07-14	Name : Microsoft Outlook SMB Attachment Remote Code Execution Vulnerability (978212) File : nvt/secpod_ms10-045.nasl
2010-06-11	Name : MS Windows Help and Support Center Remote Code Execution Vulnerability File : nvt/gb_ms_windows_help_n_support_center_code_exec_vuln.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
66296	Microsoft Outlook SMB Attachment Handling Arbitrary Program Execution Microsoft Office Outlook contains a flaw related to a failure to verify e-mail attachments properly. The issue is triggered when the program allows attachments to link to files other than what they appear to be. This may allow a context-dependent attacker to use a crafted message to execute arbitrary code.
66295	Microsoft IE / Office FieldList ActiveX (ACCWIZ.dll) Remote Code Execution Microsoft Office Access contains a flaw related to the way the FieldList ActiveX control in the Microsoft Access Wizard Controls in ACCWIZ.dll is instantiated by Internet Explorer and Office. This may allow a context-dependent attacker to corrupt memory and execute arbitrary code via crafted persisted storage data in an HTML document.
66294	Microsoft Office Access AccWizObjects ActiveX Remote Code Execution Microsoft Office Access contains a flaw related to the Microsoft Access Wizard Controls in ACCWIZ.dll. The issue is triggered when an attacker loads three specific controls in a specific order. This may allow a context-dependent attacker to execute arbitrary code via a crafted web site.
65264	Microsoft Windows hcp:// Protocol Handler MPC::HexToNum() Function String Mis... Microsoft Windows contains a flaw related to the 'MPC::HexToNum()' function in 'helpctr.exe' failing to properly handle escape sequences. This may allow a remote attacker to bypass the trusted documents whitelist and execute arbitrary commands via a crafted hcp:// URL directed to the sysinfomain.htm help document.
64731	Microsoft Windows Canonical Display Driver (cdd.dll) Unspecified Memory Corru... A memory corruption flaw exists in Microsoft Windows. The Canonical Display Driver, cdd.dll, fails to sanitize user-supplied input when parsing data copied from user mode to kernel mode, resulting in memory corruption. With a specially crafted image file, a context-dependent attacker can execute arbitrary code.

Information Assurance Vulnerability Management (IAVM)

Date	Description
2010-07-15	IAVM : 2010-B-0053 - Microsoft Canonical Display Driver Remote Code Execution Vulnerability Severity : Category II - VMSKEY : V0024847
2010-07-15	IAVM : 2010-A-0095 - Microsoft Help and Support Center Remote Code Execution Vulnerability Severity : Category II - VMSKEY : V0024848
2010-07-15	IAVM : 2010-A-0094 - Multiple Vulnerabilities in Microsoft Office Access Severity : Category II - VMSKEY : V0024850
2010-07-15	IAVM : 2010-A-0093 - Microsoft Office Outlook Remote Code Execution Vulnerability Severity : Category II - VMSKEY : V0024852

Snort® IPS/IDS

Date	Description
2017-11-28	Microsoft Office Outlook SMB attach by reference code execution attempt RuleID : 44670 - Revision : 1 - Type : FILE-OFFICE
2017-11-28	Microsoft Office Outlook SMB attach by reference code execution attempt RuleID : 44669 - Revision : 1 - Type : FILE-OFFICE
2016-03-22	Microsoft Office Outlook SMB attach by reference code execution attempt RuleID : 37699 - Revision : 4 - Type : FILE-OFFICE
2016-03-22	Microsoft Office Outlook AttachMethods local file execution attempt RuleID : 37698 - Revision : 2 - Type : FILE-OFFICE
2016-03-22	Microsoft Office Outlook AttachMethods local file execution attempt RuleID : 37697 - Revision : 2 - Type : FILE-OFFICE
2016-03-22	Microsoft Office Outlook SMB attach by reference code execution attempt RuleID : 37696 - Revision : 2 - Type : FILE-OFFICE
2016-03-22	Microsoft Office Outlook SMB attach by reference code execution attempt RuleID : 37695 - Revision : 2 - Type : FILE-OFFICE
2016-03-22	Microsoft Office Outlook AttachMethods local file execution attempt RuleID : 37694 - Revision : 2 - Type : FILE-OFFICE
2016-03-22	Microsoft Office Outlook AttachMethods local file execution attempt RuleID : 37693 - Revision : 2 - Type : FILE-OFFICE
2016-03-22	Microsoft Office Outlook SMB attach by reference code execution attempt RuleID : 37692 - Revision : 2 - Type : FILE-OFFICE
2016-03-22	Microsoft Office Outlook SMB attach by reference code execution attempt RuleID : 37691 - Revision : 2 - Type : FILE-OFFICE
2015-03-24	Microsoft Office Access multiple control instantiation memory corruption attempt RuleID : 33548 - Revision : 2 - Type : BROWSER-PLUGINS
2014-01-10	Multiple exploit kit Payload detection - readme.dll RuleID : 27898 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10	Multiple exploit kit Payload detection - calc.dll RuleID : 27897 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10	Multiple exploit kit Payload detection - contacts.dll RuleID : 27896 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10	Multiple exploit kit Payload detection - info.dll RuleID : 27895 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10	Multiple exploit kit Payload detection - about.dll RuleID : 27894 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10	iFramer toolkit injected iframe detected - specific structure RuleID : 27271 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit landing page retrieval RuleID : 27072 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit landing page retrieval RuleID : 27071 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Multiple exploit kit Payload detection - info.dll RuleID : 26508 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10	Blackholev2 exploit kit jar file downloaded RuleID : 26434 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Nuclear exploit kit landing page RuleID : 26343 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Nuclear exploit kit landing page - specific structure RuleID : 26342 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10	Nuclear exploit kit landing page RuleID : 26341 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit landing page retrieval - ff.php RuleID : 26339 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	IFRAMEr injection detection - leads to exploit kit RuleID : 26338 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit landing page - specific structure RuleID : 26337 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit landing page retrieval RuleID : 26227 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Multiple exploit kit 32-alpha jar request RuleID : 25798 - Revision : 10 - Type : EXPLOIT-KIT
2014-01-10	Blackholev2 exploit kit redirection successful RuleID : 25611 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Blackholev2 exploit kit landing page RuleID : 25569 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit landing page retrieval RuleID : 25568 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10	Multiple Exploit Kit Payload detection - setup.exe RuleID : 25526 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10	Blackholev2 exploit kit redirection successful RuleID : 25388 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Multiple exploit kit Payload detection - readme.exe RuleID : 25387 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Multiple exploit kit Payload detection - about.exe RuleID : 25386 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Multiple exploit kit Payload detection - calc.exe RuleID : 25385 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Multiple exploit kit Payload detection - contacts.exe RuleID : 25384 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Multiple exploit kit Payload detection - info.exe RuleID : 25383 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Multiple exploit kit malicious jar file dropped RuleID : 25382 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Blackholev2 exploit kit url structure detected RuleID : 25043 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Blackholev2 exploit kit redirection successful RuleID : 24638 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10	Blackholev2 exploit kit redirection page - specific structure RuleID : 24637 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10	Blackholev2 exploit kit redirection page - specific structure RuleID : 24636 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10	Blackholev2 exploit kit landing page download attempt RuleID : 24608 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10	Blackholev2 exploit kit landing page received - specific structure RuleID : 24593 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit landing page download attempt RuleID : 24548 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit landing page download attempt RuleID : 24547 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Blackholev2 exploit kit landing page download attempt RuleID : 24546 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10	Blackhole admin page outbound access attempt RuleID : 24544 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Blackhole admin page inbound access attempt RuleID : 24543 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Blackholev2 exploit kit fallback executable download RuleID : 24501 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Blackhole - Cookie Set RuleID : 24475 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10	Blackholev2 exploit kit landing page Received RuleID : 24228 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10	Blackholev2 - URI Structure RuleID : 24227 - Revision : 9 - Type : EXPLOIT-KIT
2014-01-10	Blackholev2 exploit kit landing page received RuleID : 24226 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10	Blackhole possible email Landing to 8 chr folder RuleID : 24171 - Revision : 8 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit landing page with specific structure RuleID : 24054 - Revision : 10 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit landing page with specific structure RuleID : 24053 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit landing page with specific structure - fewbgazr catch RuleID : 23962 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit landing page with specific structure - hwehes RuleID : 23850 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10	Blackhole redirection attempt RuleID : 23849 - Revision : 8 - Type : EXPLOIT-KIT
2014-01-10	Blackhole redirection attempt RuleID : 23848 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Blackhole redirection page RuleID : 23797 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit landing page with specific structure - Math.round catch RuleID : 23786 - Revision : 9 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit landing page with specific structure - Math.floor catch RuleID : 23785 - Revision : 9 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit landing page RuleID : 23781 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit landing page request - tkr RuleID : 23622 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit landing page with specific structure - prototype catch ... RuleID : 23619 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit landing page download attempt RuleID : 23159 - Revision : 9 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit landing page with specific structure - prototype catch RuleID : 23158 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10	Nuclear Pack exploit kit binary download RuleID : 23157 - Revision : 10 - Type : EXPLOIT-KIT
2014-01-10	Nuclear Pack exploit kit landing page RuleID : 23156 - Revision : 11 - Type : EXPLOIT-KIT
2014-01-10	Blackhole redirection attempt RuleID : 22949 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Blackhole Exploit Kit javascript service method RuleID : 22088 - Revision : 12 - Type : EXPLOIT-KIT
2014-01-10	Blackhole landing redirection page RuleID : 22041 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10	Blackhole suspected landing page RuleID : 22040 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Blackhole suspected landing page RuleID : 22039 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit landing page with specific structure - Loading RuleID : 21876 - Revision : 8 - Type : EXPLOIT-KIT
2014-01-10	Possible exploit kit post compromise activity - taskkill RuleID : 21875 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Possible exploit kit post compromise activity - StrReverse RuleID : 21874 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit landing page with specific structure - catch RuleID : 21661 - Revision : 8 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit landing page Requested - /Index/index.php RuleID : 21660 - Revision : 8 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit landing page Requested - /Home/index.php RuleID : 21659 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit landing page RuleID : 21658 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit landing page - specific structure RuleID : 21657 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit landing page with specific structure - prototype catch RuleID : 21646-community - Revision : 16 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit landing page with specific structure - prototype catch RuleID : 21646 - Revision : 16 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit landing page with specific structure - BBB RuleID : 21581 - Revision : 9 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit landing page with specific header RuleID : 21549 - Revision : 8 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit landing page with specific header RuleID : 21539 - Revision : 8 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit landing page with specific structure - prototype catch RuleID : 21492-community - Revision : 22 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit landing page with specific structure - prototype catch RuleID : 21492 - Revision : 22 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit JavaScript carat string splitting with hostile applet RuleID : 21438-community - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit JavaScript carat string splitting with hostile applet RuleID : 21438 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit URL - search.php?page= RuleID : 21348 - Revision : 8 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit URL - .php?page= RuleID : 21347 - Revision : 12 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit malicious jar download RuleID : 21346 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit malicious jar request RuleID : 21345 - Revision : 9 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit pdf download RuleID : 21344 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit pdf request RuleID : 21343 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit response RuleID : 21259 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit control panel access RuleID : 21141 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10	Eleanore exploit kit post-exploit page request RuleID : 21071 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Eleanore exploit kit pdf exploit page request RuleID : 21070 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Eleanore exploit kit exploit fetch request RuleID : 21069 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Eleanore exploit kit landing page RuleID : 21068 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit landing page RuleID : 21045 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit landing page RuleID : 21044 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit post-compromise download attempt - .php?e= RuleID : 21043 - Revision : 10 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit post-compromise download attempt - .php?f= RuleID : 21042 - Revision : 11 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit URL - main.php?page= RuleID : 21041 - Revision : 12 - Type : EXPLOIT-KIT
2014-01-10	Microsoft Office Outlook SMB attach by reference code execution attempt RuleID : 20247 - Revision : 16 - Type : FILE-OFFICE
2014-01-10	Microsoft Office Outlook SMB attach by reference code execution attempt RuleID : 20246 - Revision : 16 - Type : FILE-OFFICE
2014-01-10	Microsoft Office Outlook SMB attach by reference code execution attempt RuleID : 19407 - Revision : 13 - Type : FILE-OFFICE
2014-01-10	Microsoft Office Outlook SMB attach by reference code execution attempt RuleID : 19406 - Revision : 14 - Type : FILE-OFFICE
2014-01-10	Microsoft Office Outlook SMB attach by reference code execution attempt RuleID : 19405 - Revision : 14 - Type : FILE-OFFICE
2014-01-10	Microsoft Access Wizard control memory corruption ActiveX clsid access RuleID : 19141 - Revision : 14 - Type : FILE-OFFICE
2014-01-10	Microsoft Office Access ACCWIZ library release after free attempt - 2 RuleID : 17039 - Revision : 15 - Type : FILE-OFFICE
2014-01-10	Microsoft Office Access ACCWIZ library release after free attempt - 1 RuleID : 17038 - Revision : 15 - Type : FILE-OFFICE
2014-01-10	Microsoft Office Access multiple control instantiation memory corruption attempt RuleID : 17037 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10	Microsoft Office Outlook AttachMethods local file execution attempt RuleID : 17036 - Revision : 14 - Type : FILE-OFFICE
2014-01-10	Microsoft Office Outlook AttachMethods local file execution attempt RuleID : 17035 - Revision : 13 - Type : FILE-OFFICE
2014-01-10	Microsoft Office Outlook AttachMethods local file execution attempt RuleID : 17034 - Revision : 14 - Type : FILE-OFFICE
2014-01-10	Microsoft Windows Help Centre escape sequence XSS attempt RuleID : 16665 - Revision : 13 - Type : OS-WINDOWS
2014-01-10	Malformed BMP dimensions arbitrary code execution attempt RuleID : 16222 - Revision : 11 - Type : FILE-IMAGE

Nessus® Vulnerability Scanner

Date	Description
2010-07-13	Name : It is possible to execute arbitrary code on the remote Windows host through t... File : smb_nt_ms10-042.nasl - Type : ACT_GATHER_INFO
2010-07-13	Name : It is possible to execute arbitrary code on the remote Windows host through t... File : smb_nt_ms10-043.nasl - Type : ACT_GATHER_INFO
2010-07-13	Name : The version of Microsoft Office on the remote Windows host has multiple code ... File : smb_nt_ms10-044.nasl - Type : ACT_GATHER_INFO
2010-07-13	Name : The version of Microsoft Office installed on the remote Windows host has a co... File : smb_nt_ms10-045.nasl - Type : ACT_GATHER_INFO
2010-06-18	Name : It may be possible to execute arbitrary code on the remote host using Windows... File : smb_kb_2219475.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2013-05-11 00:53:49	Multiple Updates

Global Informations

Type	Count
CWE ID(s)	5
Oval ID(s)	5
CPE ID(s)	15
Saint Exploit(s)	2
osvdb(s)	5
Openvas Exploit(s)	4
IAVM(s)	4
Snort® Rule(s)	127
Nessus® Exploit(s)	5

	Related
9.3	VU#578319
9.3	MS10-042
9.3	CVE-2010-1885
9.3	CVE-2010-1881
9.3	CVE-2010-0814
9.3	CVE-2010-0266
9.3	CVE-2009-3678
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 7 more Alert(s)