CVSS: 10.0EPSS: 97%CPEs: 18EXPL: 1CVE-2010-2550 – Microsoft - SMB Server Trans2 Zero Size Pool Alloc (MS10-054)
https://notcve.org/view.php?id=CVE-2010-2550
The SMB Server in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate fields in an SMB request, which allows remote attackers to execute arbitrary code via a crafted SMB packet, aka "SMB Pool Overflow Vulnerability." El servidor SMB en Microsoft Windows XP SP2 y SP3, Windows Server 2003 SP2, Windows Vista SP1 y SP2, Windows Server 2008 Gold, SP2, y R2, y Windows 7 no valida adecuadamente los campos en una petición SMB, lo que permite a atacantes remotos ejecutar código de su elección a través de paquetes SMB manipulados, también conocido como "Vulnerabilidad SMB Pool Overflow" • https://www.exploit-db.com/exploits/14607 http://www.us-cert.gov/cas/techalerts/TA10-222A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-054 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11106 https://seclists.org/fulldisclosure/2010/Aug/122 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 81%CPEs: 5EXPL: 0CVE-2010-2566
https://notcve.org/view.php?id=CVE-2010-2566
The Secure Channel (aka SChannel) security package in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, does not properly validate certificate request messages from TLS and SSL servers, which allows remote servers to execute arbitrary code via a crafted SSL response, aka "SChannel Malformed Certificate Request Remote Code Execution Vulnerability." El paquete de seguridad Secure Channel (también conocido como SChannel) en Microsoft Windows XP SP2 y SP3, y Windows Server 2003 SP2, no valida apropiadamente los mensajes de petición de certificado desde servidores TLS y SSL, lo que permite a servidores remotos ejecutar código de su elección a través de respuestas SSL manipuladas, también conocido como "SChannel Malformed Certificate Request Remote Code Execution Vulnerability." • http://www.us-cert.gov/cas/techalerts/TA10-222A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-049 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11787 • CWE-20: Improper Input Validation •
CVSS: 7.2EPSS: 0%CPEs: 5EXPL: 0CVE-2010-1895
https://notcve.org/view.php?id=CVE-2010-1895
The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, do not properly perform memory allocation before copying user-mode data to kernel mode, which allows local users to gain privileges via a crafted application, aka "Win32k Pool Overflow Vulnerability." Los controladores -drivers- de Windows kernel-mode en win32k.sys en Microsoft Windows XP SP2 y SP3 y Windows Server 2003 SP2 no reservan memoria de manera adecuada antes de copiar datos desde el entorno de usuario al entorno del kernel, lo que permite a usuarios locales alcanzar privilegios mediante una aplicación manipulada, también conocido como "Win32k Pool Overflow Vulnerability." • http://www.us-cert.gov/cas/techalerts/TA10-222A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-048 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11844 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 91%CPEs: 4EXPL: 0CVE-2010-1882 – Microsoft Windows MPEG Layer-3 Audio Decoder Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-1882
Multiple buffer overflows in the MPEG Layer-3 Audio Codec for Microsoft DirectShow in l3codecx.ax in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allow remote attackers to execute arbitrary code via an MPEG Layer-3 audio stream in (1) a crafted media file or (2) crafted streaming content, aka "MPEG Layer-3 Audio Decoder Buffer Overflow Vulnerability." Múltiples desbordamientos de búfer en el MPEG Layer-3 Audio Codec para Microsoft DirectShow en l3codecx.ax, en Microsoft Windows XP SP2 y SP3 y Server 2003 SP2 permite a atacantes remotos ejecutar código de su elección a través de (1) un flujo de audio en MPEG Layer-3 o de un contenido para difusión manipulado, conocido tambíen por "MPEG Layer-3 Audio Decoder Buffer Overflow Vulnerability." This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required in that a target must open a malicious media file or visit a malicious page. The specific flaw exists within the codec responsible for parsing layer 3 MPEG audio streams. By providing invalid values within the stream, heap memory can be easily corrupted. • http://www.us-cert.gov/cas/techalerts/TA10-222A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-052 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11585 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 97%CPEs: 10EXPL: 4CVE-2010-2568 – Microsoft Windows Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-2568
Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote attackers to execute arbitrary code via a crafted (1) .LNK or (2) .PIF shortcut file, which is not properly handled during icon display in Windows Explorer, as demonstrated in the wild in July 2010, and originally reported for malware that leverages CVE-2010-2772 in Siemens WinCC SCADA systems. Shell de Windows en Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 y SP2, Server 2008 SP2 y R2, y Windows 7 permite a usuarios locales o atacantes remotos ejecutar codigo a su elección a traves de un fichero de acceso directo (1) .LNK o (2) .PIF manipulado, el cual no es manejado adecuadamente mientras se muestra el icono en el Explorador de Windows, tal y como se demostro en Julio de 2010, originalmene referenciado por malware que aprovecha CVE-2010-2772 en los sistemas Siemens WinCC SCADA. Microsoft Windows incorrectly parses shortcuts in such a way that malicious code may be executed when the operating system displays the icon of a malicious shortcut file. An attacker who successfully exploited this vulnerability could execute code as the logged-on user. • https://www.exploit-db.com/exploits/14403 https://www.exploit-db.com/exploits/16574 http://isc.sans.edu/diary.html?storyid=9181 http://isc.sans.edu/diary.html?storyid=9190 http://krebsonsecurity.com/2010/07/experts-warn-of-new-windows-shortcut-flaw http://secunia.com/advisories/40647 http://securitytracker.com/id?1024216 http://www.f-secure.com/weblog/archives/00001986.html http://www.f-secure.com/weblog/archives/new_rootkit_en.pdf http://www.kb.cert.org/vuls/id&# •