Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2010-3227 | First vendor Publication | 2010-10-26 |
Vendor | Cve | Last vendor Modification | 2023-11-07 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Stack-based buffer overflow in the UpdateFrameTitleForDocument method in the CFrameWnd class in mfc42.dll in the Microsoft Foundation Class (MFC) Library in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows context-dependent attackers to execute arbitrary code via a long window title that this library attempts to create at the request of an application, as demonstrated by the Trident PowerZip 7.2 Build 4010 application, aka "Windows MFC Document Title Updating Buffer Overflow Vulnerability." |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3227 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Os | 1 | |
Os | 1 | |
Os | 2 | |
Os | 2 | |
Os | 2 |
OpenVAS Exploits
Date | Description |
---|---|
2010-10-13 | Name : Microsoft Foundation Classes Could Allow Remote Code Execution Vulnerability ... File : nvt/secpod_ms10-074.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
68585 | Microsoft Foundation Classes (MFC) Library Window Title Handling Remote Overflow Microsoft Foundation Classes Library is prone to an overflow condition. The 'UpdateFrameTitleForDocument' method in the 'CFrameWnd' class in 'mfc42.dll' fails to properly sanitize user-supplied input resulting in a stack-based buffer overflow. With a specially crafted long window title, a context-dependent attacker can potentially execute arbitrary code. |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2010-10-14 | IAVM : 2010-B-0091 - Microsoft Foundation Classes Remote Code Execution Vulnerability Severity : Category II - VMSKEY : V0025532 |
Snort® IPS/IDS
Date | Description |
---|---|
2017-11-02 | ZIP file name overflow attempt RuleID : 44473 - Revision : 2 - Type : FILE-OTHER |
2014-01-10 | ZIP file name overflow attempt RuleID : 21484 - Revision : 18 - Type : FILE-OTHER |
2014-01-10 | Microsoft Windows MFC Document title updating buffer overflow attempt RuleID : 19212 - Revision : 7 - Type : EXPLOIT |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2010-10-13 | Name : It is possible to execute arbitrary code on the remote Windows host through t... File : smb_nt_ms10-074.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2024-02-02 01:13:55 |
|
2024-02-01 12:03:49 |
|
2023-11-07 21:47:33 |
|
2023-09-05 12:12:58 |
|
2023-09-05 01:03:41 |
|
2023-09-02 12:13:02 |
|
2023-09-02 01:03:43 |
|
2023-08-12 12:15:30 |
|
2023-08-12 01:03:43 |
|
2023-08-11 12:13:05 |
|
2023-08-11 01:03:51 |
|
2023-08-06 12:12:35 |
|
2023-08-06 01:03:45 |
|
2023-08-04 12:12:40 |
|
2023-08-04 01:03:46 |
|
2023-07-14 12:12:37 |
|
2023-07-14 01:03:44 |
|
2023-03-29 01:14:27 |
|
2023-03-28 12:03:50 |
|
2022-10-11 12:11:15 |
|
2022-10-11 01:03:31 |
|
2021-05-04 12:12:17 |
|
2021-04-22 01:13:03 |
|
2020-05-23 00:26:23 |
|
2018-10-31 00:20:06 |
|
2018-10-13 00:22:59 |
|
2018-08-14 00:19:29 |
|
2018-01-17 21:22:24 |
|
2017-11-21 21:22:42 |
|
2017-09-19 09:23:55 |
|
2016-09-30 01:02:31 |
|
2016-06-28 18:18:13 |
|
2016-04-26 20:03:49 |
|
2014-02-17 10:57:10 |
|
2014-01-19 21:27:06 |
|
2013-11-11 12:38:55 |
|
2013-05-10 23:31:43 |
|