CVSS: 7.8EPSS: 1%CPEs: 9EXPL: 0CVE-2010-0236
https://notcve.org/view.php?id=CVE-2010-0236
14 Apr 2010 — The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold does not properly allocate memory for the destination key associated with a symbolic-link registry key, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Allocation Vulnerability." El kernel en Microsoft Windows 2000 SP4, XP SP2 y SP3, Server 2003 SP2, y Vista Gold no asigna adecuadamente memoria para llave destino asociada con una llave de registro de enlace simbólico, l... • http://secunia.com/advisories/39373 • CWE-399: Resource Management Errors •
CVSS: 5.5EPSS: 1%CPEs: 9EXPL: 0CVE-2010-0238
https://notcve.org/view.php?id=CVE-2010-0238
14 Apr 2010 — Unspecified vulnerability in registry-key validation in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Registry Key Vulnerability." Vulnerabilidad no especificada en la validación de la llave de registro en el kernel en Microsoft Windows 2000 SP4, XP SP2 y SP3, Server 2003 SP2, y Vista Gold permite a usuarios locales causar una denegación de servicio (reinicio) a... • http://secunia.com/advisories/39373 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 61%CPEs: 23EXPL: 1CVE-2010-0269 – Microsoft Windows 7/2008 R2 - SMB Client Trans2 Stack Overflow (MS10-020) (PoC)
https://notcve.org/view.php?id=CVE-2010-0269
14 Apr 2010 — The SMB client in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly allocate memory for SMB responses, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Client Memory Allocation Vulnerability." El cliente SMB en Microsoft Windows 2000 SP4, Windows XP SP2 y SP3, Windows Server 2003 SP... • https://www.exploit-db.com/exploits/12273 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 81%CPEs: 19EXPL: 3CVE-2010-0480 – Microsoft MPEG Layer-3 Audio Decoder - Division By Zero
https://notcve.org/view.php?id=CVE-2010-0480
14 Apr 2010 — Multiple stack-based buffer overflows in the MPEG Layer-3 audio codecs in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to execute arbitrary code via a crafted AVI file, aka "MPEG Layer-3 Audio Decoder Stack Overflow Vulnerability." Desbordamiento de búfer basado en pila en los codificadores de audio MPEG Layer-3 en Microsoft Windows 2000 SP4, XP SP2 y SP3, Server 2003 SP2, Vista Gold, SP1, SP2, y Server 2008 Gold y... • https://www.exploit-db.com/exploits/15096 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 44%CPEs: 23EXPL: 0CVE-2010-0486
https://notcve.org/view.php?id=CVE-2010-0486
14 Apr 2010 — The WinVerifyTrust function in Authenticode Signature Verification 5.1, 6.0, and 6.1 in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly use unspecified fields in a file digest, which allows user-assisted remote attackers to execute arbitrary code via a modified (1) Portable Executable (PE) or (2) cabinet (aka .CAB) file that incorrectly appears to have a valid signature, aka ... • http://www.us-cert.gov/cas/techalerts/TA10-103A.html • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 43%CPEs: 23EXPL: 0CVE-2010-0487
https://notcve.org/view.php?id=CVE-2010-0487
14 Apr 2010 — The Authenticode Signature verification functionality in cabview.dll in Cabinet File Viewer Shell Extension 5.1, 6.0, and 6.1 in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly use unspecified fields in a file digest, which allows remote attackers to execute arbitrary code via a modified cabinet (aka .CAB) file that incorrectly appears to have a valid signature, aka "Cabview ... • http://www.us-cert.gov/cas/techalerts/TA10-103A.html • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 63%CPEs: 26EXPL: 0CVE-2010-0267
https://notcve.org/view.php?id=CVE-2010-0267
31 Mar 2010 — Microsoft Internet Explorer 6, 6 SP1, and 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability." Microsoft Internet Explorer 6, 6 SP1 y 7 no maneja adecuadamente objetos en memoria, lo que permite a atacantes remotos ejecutar código de su elección mediante el acceso a un objeto que (1) no fue iniciado... • http://securitytracker.com/id?1023773 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.5EPSS: 9%CPEs: 27EXPL: 0CVE-2010-0488
https://notcve.org/view.php?id=CVE-2010-0488
31 Mar 2010 — Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 does not properly handle unspecified "encoding strings," which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site, aka "Post Encoding Information Disclosure Vulnerability." Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1 y 7 no maneja adecuadamente "cadenas de codificación" (encoding strings) no especificadas, lo que permite a atacantes remotos eludir la Política del Mismo Origen (Same Origin P... • http://jvn.jp/en/jp/JVN49467403/index.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 9.3EPSS: 32%CPEs: 27EXPL: 0CVE-2010-0489
https://notcve.org/view.php?id=CVE-2010-0489
31 Mar 2010 — Race condition in Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "Race Condition Memory Corruption Vulnerability." Condición de carrera en Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1 y 7 permite a atacantes remotos ejecutar código de su elección mediante un documento HTML manipulado que dispara una corrupción de memoria, también conocido como "Race Condition Memory Corruption Vulnerab... • http://securitytracker.com/id?1023773 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 9.3EPSS: 59%CPEs: 9EXPL: 0CVE-2010-0491
https://notcve.org/view.php?id=CVE-2010-0491
31 Mar 2010 — Use-after-free vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, and 6 SP1 allows remote attackers to execute arbitrary code by changing unspecified properties of an HTML object that has an onreadystatechange event handler, aka "HTML Object Memory Corruption Vulnerability." Vulnerabilidad de uso despues de liberación en Microsoft Internet Explorer 5.01 SP4, 6 y 6 SP1, permite a atacantes remotos ejecutar código de su elección cambiando propiedades no especificadas de un objeto HTML que tiene un gest... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=864 • CWE-399: Resource Management Errors •