CVSS: 7.8EPSS: 2%CPEs: 20EXPL: 0CVE-2010-1255
https://notcve.org/view.php?id=CVE-2010-1255
08 Jun 2010 — The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 allows local users to execute arbitrary code via vectors related to "glyph outline information" and TrueType fonts, aka "Win32k TrueType Font Parsing Vulnerability." El controlador -driver- de Windows kernel-mode en win32k.sys de Microsoft Windows 2000 SP4, XP SP2 y SP3, Server 2003 SP2, Vista SP1 y SP2, Server 2008 Gold y SP... • http://www.opera.com/support/kb/view/954 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 2%CPEs: 17EXPL: 0CVE-2010-0484
https://notcve.org/view.php?id=CVE-2010-0484
08 Jun 2010 — The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 "do not properly validate changes in certain kernel objects," which allows local users to execute arbitrary code via vectors related to Device Contexts (DC) and the GetDCEx function, aka "Win32k Improper Data Validation Vulnerability." Los controladores de modo kernel de Windows en win32k.sys en Windows 2000 SP4, XP SP2 y SP3, Server 2003 SP2, Vista SP... • http://www.opera.com/support/kb/view/954 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 3%CPEs: 20EXPL: 0CVE-2010-0819
https://notcve.org/view.php?id=CVE-2010-0819
08 Jun 2010 — Unspecified vulnerability in the Windows OpenType Compact Font Format (CFF) driver in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users to execute arbitrary code via unknown vectors related to improper validation when copying data from user mode to kernel mode, aka "OpenType CFF Font Driver Memory Corruption Vulnerability." Vulnerabilidad sin especificar en el driver Windows OpenType Compact Font Format (CFF) en Microsoft... • http://www.securityfocus.com/bid/40572 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 61%CPEs: 43EXPL: 0CVE-2010-1262 – Microsoft Internet Explorer Stylesheet Array Removal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-1262
08 Jun 2010 — Microsoft Internet Explorer 6 SP1 and SP2, 7, and 8 allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, related to the CStyleSheet object and a free of the root container, aka "Memory Corruption Vulnerability." Microsoft Internet Explorer versión 6 SP1 y SP2, versión 7 y 8, permiten a los atacantes remotos ejecutar código arbitrario al acceder a un objeto que (1) no se inicializó de manera apropiada (... • http://support.avaya.com/css/P8/documents/100089747 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 55%CPEs: 35EXPL: 4CVE-2010-0816 – Microsoft Windows Outlook Express and Windows Mail - Integer Overflow
https://notcve.org/view.php?id=CVE-2010-0816
12 May 2010 — Integer overflow in inetcomm.dll in Microsoft Outlook Express 5.5 SP2, 6, and 6 SP1; Windows Live Mail on Windows XP SP2 and SP3, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7; and Windows Mail on Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote e-mail servers and man-in-the-middle attackers to execute arbitrary code via a crafted (1) POP3 or (2) IMAP response, as demonstrated by a certain +OK response on TCP port 110, aka "Outlo... • https://www.exploit-db.com/exploits/12564 • CWE-189: Numeric Errors •
CVSS: 7.4EPSS: 19%CPEs: 19EXPL: 0CVE-2010-1690
https://notcve.org/view.php?id=CVE-2010-1690
07 May 2010 — The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and earlier, and Exchange Server 2010 does not verify that transaction IDs of responses match transaction IDs of queries, which makes it easier for man-in-the-middle attackers to spoof DNS responses, a different vulnerabi... • http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0058.html • CWE-20: Improper Input Validation •
CVSS: 7.4EPSS: 24%CPEs: 19EXPL: 0CVE-2010-1689
https://notcve.org/view.php?id=CVE-2010-1689
07 May 2010 — The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and earlier, and Exchange Server 2010 uses predictable transaction IDs that are formed by incrementing a previous ID by 1, which makes it easier for man-in-the-middle attackers to spoof DNS responses, a different vulnerab... • http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0058.html • CWE-310: Cryptographic Issues •
CVSS: 5.5EPSS: 0%CPEs: 55EXPL: 3CVE-2010-1734 – Microsoft Windows XP/2000/2003 - 'win32k.sys' SfnINSTRING Local kernel Denial of Service
https://notcve.org/view.php?id=CVE-2010-1734
05 May 2010 — The SfnINSTRING function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x18d value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window. La función SfnINSTRING de win32k.sys en el kernel de Microsoft Windows 2000, XP y Server 2003 permite a usuarios locales provocar una denegación de servicio (caída del sistema) mediante un valor 0x18d en el segundo argumento (c... • https://www.exploit-db.com/exploits/12337 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 55EXPL: 3CVE-2010-1735 – Microsoft Windows XP/2000/2003 - 'win32k.sys' SfnLOGONNOTIFY Local kernel Denial of Service
https://notcve.org/view.php?id=CVE-2010-1735
05 May 2010 — The SfnLOGONNOTIFY function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x4c value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window. La función SfnLOGONNOTIFY en win32k.sys en el kernel de Microsoft Windows 2000, XP, y Server 2003 permite a usuarios locales causar una denegación de servicio (caída sistema) a través de un valor 0x4c en el segundo argumento ... • https://www.exploit-db.com/exploits/12336 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 1%CPEs: 9EXPL: 0CVE-2010-0238
https://notcve.org/view.php?id=CVE-2010-0238
14 Apr 2010 — Unspecified vulnerability in registry-key validation in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Registry Key Vulnerability." Vulnerabilidad no especificada en la validación de la llave de registro en el kernel en Microsoft Windows 2000 SP4, XP SP2 y SP3, Server 2003 SP2, y Vista Gold permite a usuarios locales causar una denegación de servicio (reinicio) a... • http://secunia.com/advisories/39373 • CWE-20: Improper Input Validation •