CVSS: 6.1EPSS: 46%CPEs: 45EXPL: 0CVE-2010-0494
https://notcve.org/view.php?id=CVE-2010-0494
31 Mar 2010 — Cross-domain vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 allows user-assisted remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted HTML document in a situation where the client user drags one browser window across another browser window, aka "HTML Element Cross-Domain Vulnerability." Vulnerabilidad de dominio cruzado en Microsoft Internet Explorer 6, 6 SP1, 7 y 8 permite a atacantes remotos asistidos por el usuario eludir la Polít... • http://securitytracker.com/id?1023773 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 91%CPEs: 25EXPL: 2CVE-2010-0806 – Microsoft Internet Explorer - 'iepeers.dll' Use-After-Free
https://notcve.org/view.php?id=CVE-2010-0806
10 Mar 2010 — Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010, aka "Uninitialized Memory Corruption Vulnerability." La vulnerabilidad de Uso de la Memoria Previamente Liberada en el componente Peer Objects (también se conoce como iepeers.dll) en Microsoft Internet Explorer ver... • https://www.exploit-db.com/exploits/11683 • CWE-399: Resource Management Errors •
CVSS: 7.8EPSS: 81%CPEs: 10EXPL: 6CVE-2010-0483 – Microsoft Internet Explorer - 'Winhlp32.exe' MsgBox Code Execution (MS10-023)
https://notcve.org/view.php?id=CVE-2010-0483
03 Mar 2010 — vbscript.dll in VBScript 5.1, 5.6, 5.7, and 5.8 in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, allows user-assisted remote attackers to execute arbitrary code by referencing a (1) local pathname, (2) UNC share pathname, or (3) WebDAV server with a crafted .hlp file in the fourth argument (aka helpfile argument) to the MsgBox function, leading to code execution involving winhlp32.exe when the F1 key is pressed, aka "VBScript Help Keypress Vulnerability." L... • https://www.exploit-db.com/exploits/16541 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 44%CPEs: 10EXPL: 3CVE-2010-0917
https://notcve.org/view.php?id=CVE-2010-0917
03 Mar 2010 — Stack-based buffer overflow in VBScript in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, might allow user-assisted remote attackers to execute arbitrary code via a long string in the fourth argument (aka helpfile argument) to the MsgBox function, leading to code execution when the F1 key is pressed, a different vulnerability than CVE-2010-0483. Desbordamiento de búfer basado en pila en VBScript en Microsoft Windows 2000 SP4, XP SP2 y SP3 y Server 2003 SP2, ... • http://blogs.technet.com/msrc/archive/2010/03/01/security-advisory-981169-released.aspx • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2010-0719
https://notcve.org/view.php?id=CVE-2010-0719
26 Feb 2010 — An unspecified API in Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7 does not validate arguments, which allows local users to cause a denial of service (system crash) via a crafted application. Una API no especificada de Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008 y Windows 7 no valida los argumentos, lo que permite a usuarios locales provocar una denegación de servicios (caída del sistema) a través d... • http://osvdb.org/62660 • CWE-20: Improper Input Validation •
CVSS: 9.0EPSS: 40%CPEs: 21EXPL: 0CVE-2010-0020
https://notcve.org/view.php?id=CVE-2010-0020
10 Feb 2010 — The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate request fields, which allows remote authenticated users to execute arbitrary code via a malformed request, aka "SMB Pathname Overflow Vulnerability." La implementación SMB sobre el servicio Server en Microsoft Windows 2000 SP4, Windows XP SP2 y SP3, Windows Server 2003 SP2... • http://www.us-cert.gov/cas/techalerts/TA10-040A.html • CWE-20: Improper Input Validation CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.1EPSS: 12%CPEs: 21EXPL: 0CVE-2010-0021
https://notcve.org/view.php?id=CVE-2010-0021
10 Feb 2010 — Multiple race conditions in the SMB implementation in the Server service in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allow remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 Negotiate packet, aka "SMB Memory Corruption Vulnerability." Múltiples condiciones de carrera en la implementación en el servicio Server en Microsoft Windows Vista Gold, SP1, y SP2, Windows Server 2008 Gold, SP2, y R2, y Windows 7 permi... • http://www.us-cert.gov/cas/techalerts/TA10-040A.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 79%CPEs: 21EXPL: 0CVE-2010-0022
https://notcve.org/view.php?id=CVE-2010-0022
10 Feb 2010 — The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate the share and servername fields in SMB packets, which allows remote attackers to cause a denial of service (system hang) via a crafted packet, aka "SMB Null Pointer Vulnerability." La implementación de SMB implementation en el servicio Server en Microsoft Windows 2000 SP4,... • http://www.us-cert.gov/cas/techalerts/TA10-040A.html • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 1%CPEs: 7EXPL: 0CVE-2010-0023
https://notcve.org/view.php?id=CVE-2010-0023
10 Feb 2010 — The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly kill processes after a logout, which allows local users to obtain sensitive information or gain privileges via a crafted application that continues to execute throughout the logout of one user and the login session of the next user, aka "CSRSS Local Privilege Elevation Vulnerability." El Subsistema Cliente/Servidor Run-Time (CSRSS) de Microsoft Windows 2000 SP4, XP SP2 y SP3, y S... • http://secunia.com/advisories/38509 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 69%CPEs: 5EXPL: 1CVE-2010-0028 – Microsoft Paint - Integer Overflow (Denial of Service) (MS10-005)
https://notcve.org/view.php?id=CVE-2010-0028
10 Feb 2010 — Integer overflow in Microsoft Paint in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted JPEG (.JPG) file, aka "MS Paint Integer Overflow Vulnerability." Desbordamiento de entero en Microsoft Paint en Windows 2000 SP4, XP SP2 y SP3, y Server 2003 SP2, permite a atacantes remotos ejecutar código de su elección a través de un fichero JPEG (.JPG) manipulado. También se conoce como "Vulnerabilidad de Desbordamiento de Entero de MS Paint" • https://www.exploit-db.com/exploits/12518 • CWE-189: Numeric Errors •