CVSS: 10.0EPSS: 67%CPEs: 17EXPL: 0CVE-2010-1883 – Microsoft Internet Explorer EOT File hdmx Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-1883
12 Oct 2010 — Integer overflow in the Embedded OpenType (EOT) Font Engine in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to execute arbitrary code via a crafted table in an embedded font, aka "Embedded OpenType Font Integer Overflow Vulnerability." Desbordamiento de entero en el Embedded OpenType (EOT) Font Engine en Microsoft Windows XP SP2 y SP3, Windows Server 2003 SP2, Windows Vista SP1 y SP2, Window... • http://www.us-cert.gov/cas/techalerts/TA10-285A.html • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 10.0EPSS: 55%CPEs: 26EXPL: 0CVE-2010-3328 – Microsoft Internet Explorer Stylesheet PrivateFind Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-3328
12 Oct 2010 — Use-after-free vulnerability in the CAttrArray::PrivateFind function in mshtml.dll in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code by setting an unspecified property of a stylesheet object, aka "Uninitialized Memory Corruption Vulnerability." Vulnerabilidad de Uso de la Memoria Previamente Liberada en la función CAttrArray::PrivateFind en la biblioteca mshtml.dll en Microsoft Internet Explorer versión 6 hasta la versión 8 permite a los atacantes remotos ejecutar ... • http://support.avaya.com/css/P8/documents/100113324 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 81%CPEs: 17EXPL: 1CVE-2010-2729 – Microsoft Windows - Print Spooler Service Impersonation (MS10-061)
https://notcve.org/view.php?id=CVE-2010-2729
15 Sep 2010 — The Print Spooler service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when printer sharing is enabled, does not properly validate spooler access permissions, which allows remote attackers to create files in a system directory, and consequently execute arbitrary code, by sending a crafted print request over RPC, as exploited in the wild in September 2010, aka "Print Spooler Service Impersonation Vulnerability."... • https://www.exploit-db.com/exploits/16361 • CWE-20: Improper Input Validation •
CVSS: 9.0EPSS: 28%CPEs: 10EXPL: 0CVE-2010-0820
https://notcve.org/view.php?id=CVE-2010-0820
15 Sep 2010 — Heap-based buffer overflow in the Local Security Authority Subsystem Service (LSASS), as used in Active Directory in Microsoft Windows Server 2003 SP2 and Windows Server 2008 Gold, SP2, and R2; Active Directory Application Mode (ADAM) in Windows XP SP2 and SP3 and Windows Server 2003 SP2; and Active Directory Lightweight Directory Service (AD LDS) in Windows Vista SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, allows remote authenticated users to execute arbitrary code via malformed LDAP message... • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-068 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 1%CPEs: 13EXPL: 0CVE-2010-1886
https://notcve.org/view.php?id=CVE-2010-1886
16 Aug 2010 — Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 SP2 and R2, and Windows 7 allow local users to gain privileges by leveraging access to a process with NetworkService credentials, as demonstrated by TAPI Server, SQL Server, and IIS processes, and related to the Windows Service Isolation feature. NOTE: the vendor states that privilege escalation from NetworkService to LocalSystem does not cross a "security boundary." Microsoft Windows XP SP2 y SP3, Wind... • http://support.microsoft.com/kb/2264072 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 57%CPEs: 22EXPL: 0CVE-2010-2556
https://notcve.org/view.php?id=CVE-2010-2556
11 Aug 2010 — Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability." Microsoft Internet Explorer 6,7 y 8 no manejan adecuadamente objetos en memoria, lo que permite a atacantes remotos ejecutar código accediendo a un objeto que (1) no está apropiadamente inicializado o (2) está... • http://www.us-cert.gov/cas/techalerts/TA10-222A.html • CWE-908: Use of Uninitialized Resource •
CVSS: 9.3EPSS: 21%CPEs: 22EXPL: 0CVE-2010-2558
https://notcve.org/view.php?id=CVE-2010-2558
11 Aug 2010 — Race condition in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to an object in memory, aka "Race Condition Memory Corruption Vulnerability." Condición de carrera en Microsoft Internet Explorer 6,7 y 8 permite a atacantes ejecutar código arbitrario o producir una denegación de servicio (corrupción de memoria) mediante vectores relacionados con un objeto en memoria. • http://www.us-cert.gov/cas/techalerts/TA10-222A.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 9.3EPSS: 57%CPEs: 10EXPL: 0CVE-2010-2559
https://notcve.org/view.php?id=CVE-2010-2559
11 Aug 2010 — Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3671, CVE-2009-3674, CVE-2010-0245, and CVE-2010-0246. Microsoft Internet Explorer 8 no maneja apropiadamente los objetos en memoria, lo que permite a atacantes remotos ejecutar c... • http://www.us-cert.gov/cas/techalerts/TA10-222A.html • CWE-908: Use of Uninitialized Resource •
CVSS: 9.3EPSS: 55%CPEs: 22EXPL: 0CVE-2010-2560
https://notcve.org/view.php?id=CVE-2010-2560
11 Aug 2010 — Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Layout Memory Corruption Vulnerability." Microsoft Internet Explorer v6, v7, y v8 no maneja adecuadamente objetos en memoria, lo que permite a atacantes remotos ejecutar código de su elección aceediendo al objeto que (1) que no fue inicializado (2) es ... • http://www.us-cert.gov/cas/techalerts/TA10-222A.html • CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 93%CPEs: 10EXPL: 4CVE-2010-2568 – Microsoft Windows Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-2568
22 Jul 2010 — Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote attackers to execute arbitrary code via a crafted (1) .LNK or (2) .PIF shortcut file, which is not properly handled during icon display in Windows Explorer, as demonstrated in the wild in July 2010, and originally reported for malware that leverages CVE-2010-2772 in Siemens WinCC SCADA systems. Shell de Windows en Microsoft Windows XP SP3, Server 2003 SP2, Vista S... • https://www.exploit-db.com/exploits/14403 •