Executive Summary
Summary | |
---|---|
Title | Cumulative Security Update of ActiveX Kill Bits (980195) |
Informations | |||
---|---|---|---|
Name | MS10-034 | First vendor Publication | 2010-06-08 |
Vendor | Microsoft | Last vendor Modification | 2010-06-08 |
Severity (Vendor) | Critical | Revision | 1.0 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Revision Note: V1.0 (June 8, 2010): Bulletin published.Summary: This security update addresses two privately reported vulnerabilities for Microsoft software. This security update is rated Critical for all supported editions of Microsoft Windows 2000, Windows XP, Windows Vista, and Windows 7, and Moderate for all supported editions of Windows Server 2003, Windows Server2008, and Windows Server 2008 R2. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page that instantiates a specific ActiveX control with Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This update also includes kill bits for four third-party ActiveX controls. |
Original Source
Url : http://www.microsoft.com/technet/security/bulletin/MS10-034.mspx |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
OVAL Definitions
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2011-04-13 | Name : Microsoft IE Developer Tools WMITools and Windows Messenger ActiveX Control V... File : nvt/secpod_ms11-027.nasl |
2010-06-15 | Name : Computer Associates WebScan ActiveX Control Multiple Remote Code Execution Vu... File : nvt/gb_ca_activex_mult_code_exec_vuln.nasl |
2010-06-09 | Name : Microsoft Data Analyzer and IE Developer Tools ActiveX Control Vulnerability ... File : nvt/secpod_ms10-034.nasl |
2010-02-10 | Name : Microsoft Data Analyzer ActiveX Control Vulnerability (978262) File : nvt/secpod_ms10-008.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
65218 | Microsoft IE 8 Developer Tools ActiveX Remote Code Execution Microsoft Internet Explorer 8 contains an unspecified flaw related to the Internet Explorer Developer Tools ActiveX Control, iedvtool.dll, that may allow a context-dependent attacker to execute arbitrary code via a crafted web page that causes system state corruption. No further details have been provided. |
62246 | Microsoft Data Analyzer ActiveX Web Page Handling Unspecified Arbitrary Code ... |
Snort® IPS/IDS
Date | Description |
---|---|
2020-03-19 | Microsoft Windows Data Analyzer 3.5 ActiveX clsid access RuleID : 53118 - Revision : 1 - Type : BROWSER-PLUGINS |
2020-03-19 | Microsoft Windows Data Analyzer 3.5 ActiveX use-after-free attempt RuleID : 53117 - Revision : 1 - Type : BROWSER-PLUGINS |
2020-03-19 | Microsoft Windows Data Analyzer 3.5 ActiveX use-after-free attempt RuleID : 53116 - Revision : 1 - Type : BROWSER-PLUGINS |
2015-01-20 | Microsoft Internet Explorer 8 Developer Tool ActiveX clsid access RuleID : 32843 - Revision : 3 - Type : BROWSER-PLUGINS |
2015-01-20 | Microsoft Internet Explorer 8 Developer Tool ActiveX clsid access RuleID : 32842 - Revision : 4 - Type : BROWSER-PLUGINS |
2015-01-20 | Microsoft Internet Explorer 8 Developer Tool ActiveX clsid access RuleID : 32840 - Revision : 4 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Internet Explorer 8 Developer Tool ActiveX clsid access RuleID : 16635 - Revision : 13 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Data Analyzer 3.5 ActiveX clsid unicode access RuleID : 16420 - Revision : 5 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Windows Data Analyzer 3.5 ActiveX clsid access RuleID : 16419 - Revision : 15 - Type : BROWSER-PLUGINS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2011-04-13 | Name : The remote Windows host is missing an update that disables selected ActiveX c... File : smb_nt_ms11-027.nasl - Type : ACT_GATHER_INFO |
2010-06-09 | Name : The remote Windows host is missing an update that disables selected ActiveX c... File : smb_nt_ms10-034.nasl - Type : ACT_GATHER_INFO |
2010-02-09 | Name : The remote Windows host is missing an update that disables selected ActiveX c... File : smb_nt_ms10-008.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2016-04-26 22:59:46 |
|
2015-01-20 21:25:02 |
|
2014-02-17 11:46:34 |
|
2014-01-19 21:30:28 |
|