CVSS: 4.9EPSS: 0%CPEs: 9EXPL: 0CVE-2010-0238
https://notcve.org/view.php?id=CVE-2010-0238
Unspecified vulnerability in registry-key validation in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Registry Key Vulnerability." Vulnerabilidad no especificada en la validación de la llave de registro en el kernel en Microsoft Windows 2000 SP4, XP SP2 y SP3, Server 2003 SP2, y Vista Gold permite a usuarios locales causar una denegación de servicio (reinicio) a través de una aplicación manipulada, conocido como "Windows Kernel Registry Key Vulnerability." • http://secunia.com/advisories/39373 http://www.securitytracker.com/id?1023850 http://www.us-cert.gov/cas/techalerts/TA10-103A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-021 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6793 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 30%CPEs: 23EXPL: 0CVE-2010-0486
https://notcve.org/view.php?id=CVE-2010-0486
The WinVerifyTrust function in Authenticode Signature Verification 5.1, 6.0, and 6.1 in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly use unspecified fields in a file digest, which allows user-assisted remote attackers to execute arbitrary code via a modified (1) Portable Executable (PE) or (2) cabinet (aka .CAB) file that incorrectly appears to have a valid signature, aka "WinVerifyTrust Signature Validation Vulnerability." La función WinVerifyTrust en Authenticode Signature Verification v5.1, v6.0, y v6.1 en Microsoft Windows 2000 SP4, Windows XP SP2 y SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, y SP2, Windows Server 2008 Gold, SP2, y R2, y Windows 7 no usa adecuadamente campos no especificados en el fichero digest, lo que permite a atacantes remotos asistidos por usuario ejecutar código de su elección a través de (1) Portable Executable (PE)modificado o (2) un fichero cabinet (como .CAB) que que aparece incorrectamente teniendo una firma válida, conocido como "WinVerifyTrust Signature Validation Vulnerability." • http://www.us-cert.gov/cas/techalerts/TA10-103A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-019 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6787 • CWE-20: Improper Input Validation •
CVSS: 5.0EPSS: 1%CPEs: 16EXPL: 0CVE-2010-0024
https://notcve.org/view.php?id=CVE-2010-0024
The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2003 SP2, does not properly parse MX records, which allows remote DNS servers to cause a denial of service (service outage) via a crafted response to a DNS MX record query, aka "SMTP Server MX Record Vulnerability." El componente SMTP en Microsoft Windows 2000 SP4, XP SP2 y SP3, Server 2003 SP2, y Server 2008 Gold, SP2, y R2, y Exchange Server 2000 SP3, no valida adecuadamente los registros MX, lo que permite a servidores DNS remotos causar una denegación de servicio (apagado de servicio)a través de respuestas manipuladas en una petición de registro MX, también conocido como "Vulnerabilidad de registro MX en servidor SMTP" • http://www.us-cert.gov/cas/techalerts/TA10-103A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-024 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7067 • CWE-20: Improper Input Validation •
CVSS: 6.9EPSS: 0%CPEs: 3EXPL: 0CVE-2010-0237
https://notcve.org/view.php?id=CVE-2010-0237
The kernel in Microsoft Windows 2000 SP4 and XP SP2 and SP3 allows local users to gain privileges by creating a symbolic link from an untrusted registry hive to a trusted registry hive, aka "Windows Kernel Symbolic Link Creation Vulnerability." El kernel en Microsoft Windows 2000 SP4 y XP SP2 y SP3 permite a usuarios locales obtener privilegios para crear un enlace simbólico desde un registro sin confianza a un registro conconfianza, conocido como "Windows Kernel Symbolic Link Creation Vulnerability." • http://secunia.com/advisories/39373 http://www.securitytracker.com/id?1023850 http://www.us-cert.gov/cas/techalerts/TA10-103A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-021 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7130 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 3%CPEs: 23EXPL: 1CVE-2010-0269 – Microsoft Windows 7/2008 R2 - SMB Client Trans2 Stack Overflow (MS10-020) (PoC)
https://notcve.org/view.php?id=CVE-2010-0269
The SMB client in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly allocate memory for SMB responses, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Client Memory Allocation Vulnerability." El cliente SMB en Microsoft Windows 2000 SP4, Windows XP SP2 y SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, y SP2, Windows Server 2008 Gold, SP2, y R2, y Windows 7 no asigna adecuadamente memoria para respuestas SMB, lo que permite a servidores SMB remotos y atacantes por la técnica man-in-the-middle ejecutar código de su elección a través de una respuesta manipulada (1) SMBv1 o (2) SMBv2, conocido como "SMB Client Memory Allocation Vulnerability." • https://www.exploit-db.com/exploits/12273 http://secunia.com/advisories/39372 http://www.us-cert.gov/cas/techalerts/TA10-103A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-020 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7129 • CWE-399: Resource Management Errors •