CVE-2010-0027 – Microsoft Windows ShellExecute Improper Sanitization Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-0027
The URL validation functionality in Microsoft Internet Explorer 5.01, 6, 6 SP1, 7 and 8, and the ShellExecute API function in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, do not properly process input parameters, which allows remote attackers to execute arbitrary local programs via a crafted URL, aka "URL Validation Vulnerability."
This vulnerability allows remote attackers to force a Microsoft Windows system to execute a given local executable. User interaction is required in that the target must access a malicious URL. The specific flaw exists within the ShellExecute API. Using a specially formatted URL, an attacker can bypass the sanitization checks within this function and force the calling application into running an executable of their choice.
• References:
https://www.exploit-db.com/exploits/33552
http://www.securityfocus.com/archive/1/509470/100/0/threaded
http://www.us-cert.gov/cas/techalerts/TA10-040A.html
http://www.zerodayinitiative.com/advisories/ZDI-10-016
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-002
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-007
https://exchange.xforce.ibmcloud.com/vulnerabilities/55773
https://oval.cisecurity.org/repository/search/definition/oval%
• CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2010-0247
https://notcve.org/view.php?id=CVE-2010-0247
Microsoft Internet Explorer 5.01 SP4, 6, and 6 SP1 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."
• References:
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-002
https://exchange.xforce.ibmcloud.com/vulnerabilities/55777
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8506
• CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2010-0244 – Microsoft Internet Explorer Table Layout Col Tag Cache Update Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-0244
Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-2530 and CVE-2009-2531.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists when a Col element is used within an HTML table container. If this element is removed while the table is in use, a cache of the table's cells will be used after one of its elements has been invalidated.
• References:
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-002
https://exchange.xforce.ibmcloud.com/vulnerabilities/55774
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8186
• CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2010-0248 – Microsoft Internet Explorer item Object Memory Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-0248
Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerability."
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the handling of cloned DOM objects in JavaScript. A specially crafted sequence of object cloning can result in the use of a pointer after it has been freed.
• References:
https://www.exploit-db.com/exploits/18642
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-002
https://exchange.xforce.ibmcloud.com/vulnerabilities/55778
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8267
• CWE-94: Improper Control of Generation of Code ('Code Injection')
• CWE-416: Use After Free
CVE-2010-0232 – Microsoft Windows Kernel Exception Handler Vulnerability
https://notcve.org/view.php?id=CVE-2010-0232
The kernel in Microsoft Windows NT 3.1 through Windows 7, including Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2, when access to 16-bit applications is enabled on a 32-bit x86 platform, does not properly validate certain BIOS calls, which allows local users to gain privileges by crafting a VDM_TIB data structure in the Thread Environment Block (TEB), and then calling the NtVdmControl function to start the Windows Virtual DOS Machine (aka NTVDM) subsystem, leading to improperly handled exceptions involving the #GP trap handler (nt!KiTrap0D), aka "Windows Kernel Exception Handler Vulnerability."
Microsoft Windows suffers from a user-mode to ring 0 privilege escalation vulnerability.
• References:
https://www.exploit-db.com/exploits/11199
https://github.com/azorfus/CVE-2010-0232
http://blogs.technet.com/msrc/archive/2010/01/20/security-advisory-979682-released.aspx
http://lists.immunitysec.com/pipermail/dailydave/2010-January/006000.html
http://lock.cmpxchg8b.com/c0af0967d904cef2ad4db766a00bc6af/KiTrap0D.zip
http://seclists.org/fulldisclosure/2010/Jan/341
http://secunia.com/advisories/38265
http://securitytracker.com/id?1023471
http://www.microsoft.com/technet/security/advisory/979682.mspx