CVSS: 10.0EPSS: 90%CPEs: 43EXPL: 0CVE-2010-1262 – Microsoft Internet Explorer Stylesheet Array Removal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-1262
Microsoft Internet Explorer 6 SP1 and SP2, 7, and 8 allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, related to the CStyleSheet object and a free of the root container, aka "Memory Corruption Vulnerability." Microsoft Internet Explorer versión 6 SP1 y SP2, versión 7 y 8, permiten a los atacantes remotos ejecutar código arbitrario al acceder a un objeto que (1) no se inicializó de manera apropiada (2) se elimina, lo que conlleva a la corrupción de la memoria, relacionada con el objeto CStyleSheet y un contenedor libre de tipo root, que se conoce como "Memory Corruption Vulnerability." This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required in that a target must visit a malicious page. The specific flaw exists within IE's support for the CStyleSheet object. When a style sheet array is created it contains a reference to it's root container. • http://support.avaya.com/css/P8/documents/100089747 http://www.securityfocus.com/archive/1/511727/100/0/threaded http://www.securityfocus.com/bid/40417 http://www.us-cert.gov/cas/techalerts/TA10-159B.html http://www.zerodayinitiative.com/advisories/ZDI-10-102 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-035 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7406 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 94%CPEs: 35EXPL: 4CVE-2010-0816 – Microsoft Windows Outlook Express and Windows Mail - Integer Overflow
https://notcve.org/view.php?id=CVE-2010-0816
Integer overflow in inetcomm.dll in Microsoft Outlook Express 5.5 SP2, 6, and 6 SP1; Windows Live Mail on Windows XP SP2 and SP3, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7; and Windows Mail on Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote e-mail servers and man-in-the-middle attackers to execute arbitrary code via a crafted (1) POP3 or (2) IMAP response, as demonstrated by a certain +OK response on TCP port 110, aka "Outlook Express and Windows Mail Integer Overflow Vulnerability." Un desbordamiento de entero en inetcomm.dll en Microsoft Outlook Express v5.5 Service Pack 2, v6 y v6 SP1, Windows Live Mail en Windows XP SP2 y SP3, Windows Vista SP1 y SP2, Windows Server 2008 Gold, Service Pack 2, y R2 y Windows 7, y Windows Mail en Windows Vista SP1 y SP2, Windows Server 2008 Gold, Service Pack 2, y R2 y Windows 7 permite ejecutar, a los servidores de correo electrónico remoto y los atacantes "man-in-the-middle", código de su elección a través de una respuesta (1) POP3 o ( 2) IMAP debidamente modificada, como lo demuestra una respuesta + OK en el puerto TCP 110. Esta vulnerabilidad también es conocida como "Vulnerabilidad de desbordamiento de Entero de Outlook Express y Windows Mail." Microsoft Windows Outlook Express and Windows Mail suffer from an integer overflow vulnerability. • https://www.exploit-db.com/exploits/12564 http://archives.neohapsis.com/archives/bugtraq/2010-05/0068.html http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=13&Itemid=13 http://www.securityfocus.com/bid/40052 http://www.us-cert.gov/cas/techalerts/TA10-131A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-030 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6734 • CWE-189: Numeric Errors •
CVSS: 4.9EPSS: 0%CPEs: 55EXPL: 3CVE-2010-1735 – Microsoft Windows XP/2000/2003 - 'win32k.sys' SfnLOGONNOTIFY Local kernel Denial of Service
https://notcve.org/view.php?id=CVE-2010-1735
The SfnLOGONNOTIFY function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x4c value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window. La función SfnLOGONNOTIFY en win32k.sys en el kernel de Microsoft Windows 2000, XP, y Server 2003 permite a usuarios locales causar una denegación de servicio (caída sistema) a través de un valor 0x4c en el segundo argumento (conocido como argumento MSG) de una función de llamada PostMessage para la ventana DDEMLEvent. • https://www.exploit-db.com/exploits/12336 http://secunia.com/advisories/39456 http://vigilance.fr/vulnerability/Windows-denials-of-service-of-win32k-sys-9607 http://www.securityfocus.com/archive/1/510884/100/0/threaded http://www.securityfocus.com/bid/39630 • CWE-20: Improper Input Validation •
CVSS: 4.9EPSS: 0%CPEs: 55EXPL: 3CVE-2010-1734 – Microsoft Windows XP/2000/2003 - 'win32k.sys' SfnINSTRING Local kernel Denial of Service
https://notcve.org/view.php?id=CVE-2010-1734
The SfnINSTRING function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x18d value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window. La función SfnINSTRING de win32k.sys en el kernel de Microsoft Windows 2000, XP y Server 2003 permite a usuarios locales provocar una denegación de servicio (caída del sistema) mediante un valor 0x18d en el segundo argumento (conocido como el argumento Msg) de una llamada a la función PostMessage para la ventana DDEMLEvent. • https://www.exploit-db.com/exploits/12337 http://secunia.com/advisories/39456 http://vigilance.fr/vulnerability/Windows-denials-of-service-of-win32k-sys-9607 http://www.securityfocus.com/archive/1/510886/100/0/threaded http://www.securityfocus.com/bid/39631 • CWE-20: Improper Input Validation •
CVSS: 6.4EPSS: 0%CPEs: 19EXPL: 0CVE-2010-1689
https://notcve.org/view.php?id=CVE-2010-1689
The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and earlier, and Exchange Server 2010 uses predictable transaction IDs that are formed by incrementing a previous ID by 1, which makes it easier for man-in-the-middle attackers to spoof DNS responses, a different vulnerability than CVE-2010-0024 and CVE-2010-0025. La implementación DNS en smtpsvc.dll anteriores a v6.0.2600.5949 en Microsoft Windows 2000 SP4 y anteriores, Windows XP SP3 y anteriores, Windows Server 2003 SP2 y anteriores, Windows Server 2008 SP2 y anteriores , Windows Server 2008 R2, Exchange Server 2003 SP3 y anteriores, Exchange Server 2007 SP2 y anteriores, y Exchange Server 2010 usa IDs de transacción predecibles que se pueden obtener de sumar 1 a la anterior, lo que provoca que sea fácil que un atacante capture respuestas DNS mediante un ataque "hombre-en-medio" (man-in-the-middle), es una vulnerabilidad distinta a CVE-2010-0024 and CVE-2010-0025. • http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0058.html http://securitytracker.com/id?1023939 http://www.coresecurity.com/content/CORE-2010-0424-windows-smtp-dns-query-id-bugs http://www.securityfocus.com/bid/39908 • CWE-310: Cryptographic Issues •