CVSS: 8.8EPSS: 44%CPEs: 10EXPL: 3CVE-2010-0917
https://notcve.org/view.php?id=CVE-2010-0917
03 Mar 2010 — Stack-based buffer overflow in VBScript in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, might allow user-assisted remote attackers to execute arbitrary code via a long string in the fourth argument (aka helpfile argument) to the MsgBox function, leading to code execution when the F1 key is pressed, a different vulnerability than CVE-2010-0483. Desbordamiento de búfer basado en pila en VBScript en Microsoft Windows 2000 SP4, XP SP2 y SP3 y Server 2003 SP2, ... • http://blogs.technet.com/msrc/archive/2010/03/01/security-advisory-981169-released.aspx • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2010-0719
https://notcve.org/view.php?id=CVE-2010-0719
26 Feb 2010 — An unspecified API in Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7 does not validate arguments, which allows local users to cause a denial of service (system crash) via a crafted application. Una API no especificada de Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008 y Windows 7 no valida los argumentos, lo que permite a usuarios locales provocar una denegación de servicios (caída del sistema) a través d... • http://osvdb.org/62660 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 27EXPL: 1CVE-2010-0705 – Avast! 4.7 - 'aavmker4.sys' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2010-0705
25 Feb 2010 — Aavmker4.sys in avast! 4.8 through 4.8.1368.0 and 5.0 before 5.0.418.0 running on Windows 2000 and XP does not properly validate input to IOCTL 0xb2d60030, which allows local users to cause a denial of service (system crash) or execute arbitrary code to gain privileges via IOCTL requests using crafted kernel addresses that trigger memory corruption. Aavmker4.sys en avast! desde v4.8 hasta v4.8.1368.0 y v5.0 anteriores a v5.0.418.0 corriendo sobre Windows 2000 o XP, no valida adecuadamente una entrada a IOCT... • https://www.exploit-db.com/exploits/12406 • CWE-20: Improper Input Validation •
CVSS: 9.0EPSS: 40%CPEs: 21EXPL: 0CVE-2010-0020
https://notcve.org/view.php?id=CVE-2010-0020
10 Feb 2010 — The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate request fields, which allows remote authenticated users to execute arbitrary code via a malformed request, aka "SMB Pathname Overflow Vulnerability." La implementación SMB sobre el servicio Server en Microsoft Windows 2000 SP4, Windows XP SP2 y SP3, Windows Server 2003 SP2... • http://www.us-cert.gov/cas/techalerts/TA10-040A.html • CWE-20: Improper Input Validation CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.1EPSS: 12%CPEs: 21EXPL: 0CVE-2010-0021
https://notcve.org/view.php?id=CVE-2010-0021
10 Feb 2010 — Multiple race conditions in the SMB implementation in the Server service in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allow remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 Negotiate packet, aka "SMB Memory Corruption Vulnerability." Múltiples condiciones de carrera en la implementación en el servicio Server en Microsoft Windows Vista Gold, SP1, y SP2, Windows Server 2008 Gold, SP2, y R2, y Windows 7 permi... • http://www.us-cert.gov/cas/techalerts/TA10-040A.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 79%CPEs: 21EXPL: 0CVE-2010-0022
https://notcve.org/view.php?id=CVE-2010-0022
10 Feb 2010 — The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate the share and servername fields in SMB packets, which allows remote attackers to cause a denial of service (system hang) via a crafted packet, aka "SMB Null Pointer Vulnerability." La implementación de SMB implementation en el servicio Server en Microsoft Windows 2000 SP4,... • http://www.us-cert.gov/cas/techalerts/TA10-040A.html • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 1%CPEs: 7EXPL: 0CVE-2010-0023
https://notcve.org/view.php?id=CVE-2010-0023
10 Feb 2010 — The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly kill processes after a logout, which allows local users to obtain sensitive information or gain privileges via a crafted application that continues to execute throughout the logout of one user and the login session of the next user, aka "CSRSS Local Privilege Elevation Vulnerability." El Subsistema Cliente/Servidor Run-Time (CSRSS) de Microsoft Windows 2000 SP4, XP SP2 y SP3, y S... • http://secunia.com/advisories/38509 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 69%CPEs: 5EXPL: 1CVE-2010-0028 – Microsoft Paint - Integer Overflow (Denial of Service) (MS10-005)
https://notcve.org/view.php?id=CVE-2010-0028
10 Feb 2010 — Integer overflow in Microsoft Paint in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted JPEG (.JPG) file, aka "MS Paint Integer Overflow Vulnerability." Desbordamiento de entero en Microsoft Paint en Windows 2000 SP4, XP SP2 y SP3, y Server 2003 SP2, permite a atacantes remotos ejecutar código de su elección a través de un fichero JPEG (.JPG) manipulado. También se conoce como "Vulnerabilidad de Desbordamiento de Entero de MS Paint" • https://www.exploit-db.com/exploits/12518 • CWE-189: Numeric Errors •
CVSS: 7.5EPSS: 49%CPEs: 4EXPL: 0CVE-2010-0035
https://notcve.org/view.php?id=CVE-2010-0035
10 Feb 2010 — The Key Distribution Center (KDC) in Kerberos in Microsoft Windows 2000 SP4, Server 2003 SP2, and Server 2008 Gold and SP2, when a trust relationship with a non-Windows Kerberos realm exists, allows remote authenticated users to cause a denial of service (NULL pointer dereference and domain controller outage) via a crafted Ticket Granting Ticket (TGT) renewal request, aka "Kerberos Null Pointer Dereference Vulnerability." El Key Distribution Center (KDC) en Kerberos Microsoft Windows 2000 SP4, Server 2003 S... • http://www.us-cert.gov/cas/techalerts/TA10-040A.html •
CVSS: 10.0EPSS: 51%CPEs: 21EXPL: 1CVE-2010-0231 – Microsoft Windows - NTLM Weak Nonce (MS10-012)
https://notcve.org/view.php?id=CVE-2010-0231
10 Feb 2010 — The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not use a sufficient source of entropy, which allows remote attackers to obtain access to files and other SMB resources via a large number of authentication requests, related to server-generated challenges, certain "duplicate values," and spoofing of an authentication token, aka "SMB NTLM Authe... • https://www.exploit-db.com/exploits/15266 • CWE-264: Permissions, Privileges, and Access Controls CWE-310: Cryptographic Issues •