CVSS: 9.3EPSS: 88%CPEs: 22EXPL: 0CVE-2010-2560
https://notcve.org/view.php?id=CVE-2010-2560
Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Layout Memory Corruption Vulnerability." Microsoft Internet Explorer v6, v7, y v8 no maneja adecuadamente objetos en memoria, lo que permite a atacantes remotos ejecutar código de su elección aceediendo al objeto que (1) que no fue inicializado (2) es borrado, lo que proboca una corrupción de memoria , conocido como "Vulnerabilidad de corrupción de Memoria HTML Layout." • http://www.us-cert.gov/cas/techalerts/TA10-222A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-053 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11832 • CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 93%CPEs: 22EXPL: 0CVE-2010-2556
https://notcve.org/view.php?id=CVE-2010-2556
Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability." Microsoft Internet Explorer 6,7 y 8 no manejan adecuadamente objetos en memoria, lo que permite a atacantes remotos ejecutar código accediendo a un objeto que (1) no está apropiadamente inicializado o (2) está borrado, lo que implica corrupción de memoria. También conocido cómo "Uninitialized Memory Corruption Vulnerability" (Vulnerabilidad de corrupción de memoria no inicializada). • http://www.us-cert.gov/cas/techalerts/TA10-222A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-053 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11994 • CWE-908: Use of Uninitialized Resource •
CVSS: 9.3EPSS: 18%CPEs: 22EXPL: 0CVE-2010-2558
https://notcve.org/view.php?id=CVE-2010-2558
Race condition in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to an object in memory, aka "Race Condition Memory Corruption Vulnerability." Condición de carrera en Microsoft Internet Explorer 6,7 y 8 permite a atacantes ejecutar código arbitrario o producir una denegación de servicio (corrupción de memoria) mediante vectores relacionados con un objeto en memoria. • http://www.us-cert.gov/cas/techalerts/TA10-222A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-053 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11853 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 9.3EPSS: 93%CPEs: 10EXPL: 0CVE-2010-2559
https://notcve.org/view.php?id=CVE-2010-2559
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3671, CVE-2009-3674, CVE-2010-0245, and CVE-2010-0246. Microsoft Internet Explorer 8 no maneja apropiadamente los objetos en memoria, lo que permite a atacantes remotos ejecutar código de su elección accediendo a un objeto que (1) no haya sido inicializado apropiadamente o (2) está borrado, lo que implica corrupción de memoria. También conocido cómo "Uninitialized Memory Corruption Vulnerability" (Vulnerabilidad de corrupción de memoria sin inicializar), una vulnerabilidad diferente a CVE-2009-3671, CVE-2009-3674, CVE-2010-0245, and CVE-2010-0246. • http://www.us-cert.gov/cas/techalerts/TA10-222A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-053 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11984 • CWE-908: Use of Uninitialized Resource •
CVSS: 9.3EPSS: 97%CPEs: 10EXPL: 4CVE-2010-2568 – Microsoft Windows Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-2568
Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote attackers to execute arbitrary code via a crafted (1) .LNK or (2) .PIF shortcut file, which is not properly handled during icon display in Windows Explorer, as demonstrated in the wild in July 2010, and originally reported for malware that leverages CVE-2010-2772 in Siemens WinCC SCADA systems. Shell de Windows en Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 y SP2, Server 2008 SP2 y R2, y Windows 7 permite a usuarios locales o atacantes remotos ejecutar codigo a su elección a traves de un fichero de acceso directo (1) .LNK o (2) .PIF manipulado, el cual no es manejado adecuadamente mientras se muestra el icono en el Explorador de Windows, tal y como se demostro en Julio de 2010, originalmene referenciado por malware que aprovecha CVE-2010-2772 en los sistemas Siemens WinCC SCADA. Microsoft Windows incorrectly parses shortcuts in such a way that malicious code may be executed when the operating system displays the icon of a malicious shortcut file. An attacker who successfully exploited this vulnerability could execute code as the logged-on user. • https://www.exploit-db.com/exploits/14403 https://www.exploit-db.com/exploits/16574 http://isc.sans.edu/diary.html?storyid=9181 http://isc.sans.edu/diary.html?storyid=9190 http://krebsonsecurity.com/2010/07/experts-warn-of-new-windows-shortcut-flaw http://secunia.com/advisories/40647 http://securitytracker.com/id?1024216 http://www.f-secure.com/weblog/archives/00001986.html http://www.f-secure.com/weblog/archives/new_rootkit_en.pdf http://www.kb.cert.org/vuls/id&# •