CVSS: 4.7EPSS: 0%CPEs: 9EXPL: 0CVE-2010-0235
https://notcve.org/view.php?id=CVE-2010-0235
The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold does not perform the expected validation before creating a symbolic link, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Symbolic Link Value Vulnerability." El kernel en Microsoft Windows 2000 SP4, XP SP2 y SP3, Server 2003 SP2, y Vista Gold no realiza adecuadamente la validación esperada antes de crear un enlace simbólico, lo que permite a usuarios locales causar una denegación de servicio (reinicio) a través de una aplicación manipulada, conocido como "Windows Kernel Symbolic Link Value Vulnerability." • http://secunia.com/advisories/39373 http://www.securitytracker.com/id?1023850 http://www.us-cert.gov/cas/techalerts/TA10-103A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-021 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7509 • CWE-20: Improper Input Validation •
CVSS: 7.2EPSS: 0%CPEs: 9EXPL: 0CVE-2010-0236
https://notcve.org/view.php?id=CVE-2010-0236
The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold does not properly allocate memory for the destination key associated with a symbolic-link registry key, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Allocation Vulnerability." El kernel en Microsoft Windows 2000 SP4, XP SP2 y SP3, Server 2003 SP2, y Vista Gold no asigna adecuadamente memoria para llave destino asociada con una llave de registro de enlace simbólico, lo que permite a usuarios locales obtener privilegios a través de una aplicación manipulada, conocido como "Windows Kernel Memory Allocation Vulnerability." • http://secunia.com/advisories/39373 http://www.securitytracker.com/id?1023850 http://www.us-cert.gov/cas/techalerts/TA10-103A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-021 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7113 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 30%CPEs: 23EXPL: 0CVE-2010-0487
https://notcve.org/view.php?id=CVE-2010-0487
The Authenticode Signature verification functionality in cabview.dll in Cabinet File Viewer Shell Extension 5.1, 6.0, and 6.1 in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly use unspecified fields in a file digest, which allows remote attackers to execute arbitrary code via a modified cabinet (aka .CAB) file that incorrectly appears to have a valid signature, aka "Cabview Corruption Validation Vulnerability." La funcionalidad de verificación Authenticode Signature en cabview.dll en Cabinet File Viewer Shell Extension v5.1, v6.0, y v6.1 en Microsoft Windows 2000 SP4, Windows XP SP2 y SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, y SP2, Windows Server 2008 Gold, SP2, y R2, y Windows 7 no usa adecuadamente los campos en un fichero digest, lo que permite a atacantes remotos ejecutar código de su elección a través de un cabinet modificado (como .CAB) que aparenta incorrectamente tener una firma valida, conocida como "Cabview Corruption Validation Vulnerability." • http://www.us-cert.gov/cas/techalerts/TA10-103A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-019 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6886 • CWE-20: Improper Input Validation •
CVSS: 4.7EPSS: 0%CPEs: 19EXPL: 0CVE-2010-0234
https://notcve.org/view.php?id=CVE-2010-0234
The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not properly validate a registry-key argument to an unspecified system call, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Null Pointer Vulnerability." El kernel en Microsoft Windows 2000 SP4, XP SP2 y SP3, Server 2003 SP2, Vista Gold, SP1, y SP2, y Server 2008 Gold y SP2 no valida adecuadamente un argumento del registro de claves en una llamada de sistema no especificada, lo que permite a usuarios locales causar una denegación de servicio (reinicio) a través de una aplicación manipulada, conocido también como "Windows Kernel Null Pointer Vulnerability." • http://secunia.com/advisories/39373 http://secunia.com/advisories/39374 http://www.securitytracker.com/id?1023850 http://www.us-cert.gov/cas/techalerts/TA10-103A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-021 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6814 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 97%CPEs: 1EXPL: 1CVE-2010-0478 – Microsoft Windows Media Services - ConnectFunnel Stack Buffer Overflow (MS10-025)
https://notcve.org/view.php?id=CVE-2010-0478
Stack-based buffer overflow in nsum.exe in the Windows Media Unicast Service in Media Services for Microsoft Windows 2000 Server SP4 allows remote attackers to execute arbitrary code via crafted packets associated with transport information, aka "Media Services Stack-based Buffer Overflow Vulnerability." Desbordamiento de búfer basado en nsum.exe en el Servicio Windows Media Unicast en Media Services para Microsoft Windows 2000 Server SP4 permite a atacantes remotos ejecutar código de su elección a través de paquetes manipulados asociados con información de transporte, conocido como "Media Services Stack-based Buffer Overflow Vulnerability." • https://www.exploit-db.com/exploits/16333 http://www.us-cert.gov/cas/techalerts/TA10-103A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-025 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7001 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •