CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 1CVE-2010-0233 – Microsoft Windows XP/Vista/2000/2003 - Double-Free Memory Corruption Privilege Escalation
https://notcve.org/view.php?id=CVE-2010-0233
10 Feb 2010 — Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows local users to gain privileges via a crafted application, aka "Windows Kernel Double Free Vulnerability." Vulnerabilidad de doble liberación en el núcleo de Microsoft Windows 2000 SP4, XP SP2 y SP3, Server 2003 SP2, Vista Gold, SP1, y SP2, y Server 2008 Gold y SP2, permite a usuarios locales obtener privilegios a través de una aplicación manipu... • https://www.exploit-db.com/exploits/33593 •
CVSS: 9.3EPSS: 42%CPEs: 20EXPL: 0CVE-2010-0252
https://notcve.org/view.php?id=CVE-2010-0252
10 Feb 2010 — The Microsoft Data Analyzer ActiveX control (aka the Office Excel ActiveX control for Data Analysis) in max3activex.dll in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to execute arbitrary code via a crafted web page that corrupts the "system state," aka "Microsoft Data Analyzer ActiveX Control Vulnerability." El control ActiveX Microsoft Data Analyzer (también conoc... • http://secunia.com/advisories/38503 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 44%CPEs: 6EXPL: 0CVE-2010-0016
https://notcve.org/view.php?id=CVE-2010-0016
10 Feb 2010 — The SMB client implementation in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly validate response fields, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted response, aka "SMB Client Pool Corruption Vulnerability." La implementación SMB Client Microsoft Windows 2000 SP4, XP SP2 y SP3, y Server 2003 SP2 no valida correctamente los campos de petición, lo que permite a servidores SMB remotos y a atacantes hombre-en-el-medio... • http://www.us-cert.gov/cas/techalerts/TA10-040A.html • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 38%CPEs: 29EXPL: 1CVE-2010-0555
https://notcve.org/view.php?id=CVE-2010-0555
04 Feb 2010 — Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not prevent rendering of non-HTML local files as HTML documents, which allows remote attackers to bypass intended access restrictions and read arbitrary files via vectors involving the product's use of text/html as the default content type for files that are encountered after a redirection, aka the URLMON sniffing vulnerability, a variant of CVE-2009-1140 and related to CVE-2008-1448. Microsoft Internet Explorer v5.01 SP4, v6, vv6 SP1, v7, y v8 n... • http://blogs.technet.com/msrc/archive/2010/02/03/security-advisory-980088-released.aspx •
CVSS: 6.5EPSS: 63%CPEs: 49EXPL: 1CVE-2010-0255
https://notcve.org/view.php?id=CVE-2010-0255
04 Feb 2010 — Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not prevent rendering of non-HTML local files as HTML documents, which allows remote attackers to bypass intended access restrictions and read arbitrary files via vectors involving JavaScript exploit code that constructs a reference to a file://127.0.0.1 URL, aka the dynamic OBJECT tag vulnerability, as demonstrated by obtaining the data from an index.dat file, a variant of CVE-2009-1140 and related to CVE-2008-1448. Microsoft Internet Explorer v... • http://blogs.technet.com/msrc/archive/2010/02/03/security-advisory-980088-released.aspx • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 69%CPEs: 46EXPL: 1CVE-2010-0027 – Microsoft Windows ShellExecute Improper Sanitization Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-0027
22 Jan 2010 — The URL validation functionality in Microsoft Internet Explorer 5.01, 6, 6 SP1, 7 and 8, and the ShellExecute API function in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, does not properly process input parameters, which allows remote attackers to execute arbitrary local programs via a crafted URL, aka "URL Validation Vulnerability." La funcionalidad de validación de URL en Microsoft Internet Explorer versiones 5.01, 6, 6 SP1, 7 y 8, y la función de la API ShellExecute en Windows 2000 SP4, XP SP2 ... • https://www.exploit-db.com/exploits/33552 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 28%CPEs: 25EXPL: 0CVE-2010-0247
https://notcve.org/view.php?id=CVE-2010-0247
22 Jan 2010 — Microsoft Internet Explorer 5.01 SP4, 6, and 6 SP1 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability." Microsoft Internet Explorer 5.01 SP4, 6 y 6 SP1 no maneja de manera apropiada los objetos en memoria lo que permite a atacantes remotos ejecutar código de su elección accediendo a un objeto que (1) ... • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-002 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 74%CPEs: 4EXPL: 6CVE-2010-0232 – Microsoft Windows Kernel Exception Handler Vulnerability
https://notcve.org/view.php?id=CVE-2010-0232
21 Jan 2010 — The kernel in Microsoft Windows NT 3.1 through Windows 7, including Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2, when access to 16-bit applications is enabled on a 32-bit x86 platform, does not properly validate certain BIOS calls, which allows local users to gain privileges by crafting a VDM_TIB data structure in the Thread Environment Block (TEB), and then calling the NtVdmControl function to start the Windows Vi... • https://packetstorm.news/files/id/124025 •
CVSS: 10.0EPSS: 34%CPEs: 59EXPL: 0CVE-2010-0244 – Microsoft Internet Explorer Table Layout Col Tag Cache Update Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-0244
21 Jan 2010 — Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-2530 and CVE-2009-2531. Microsoft Internet Explorer 6, 6 SP1, 7 y 8 no maneja de manera apropiada los objetos en memoria lo que permite a atacantes remotos ejecut... • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-002 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 80%CPEs: 59EXPL: 1CVE-2010-0248 – Microsoft Internet Explorer item Object Memory Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-0248
21 Jan 2010 — Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerability." Microsoft Internet Explorer 6, 6 SP1, 7 y 8 no maneja de manera apropiada los objetos en memoria lo que permite a atacantes remotos ejecutar código de su elección accediendo a un objeto que (1) no fue cor... • https://www.exploit-db.com/exploits/18642 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-416: Use After Free •