CVE-2010-0480 – Microsoft MPEG Layer-3 Audio Decoder - Division By Zero
https://notcve.org/view.php?id=CVE-2010-0480
Multiple stack-based buffer overflows in the MPEG Layer-3 audio codecs in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to execute arbitrary code via a crafted AVI file, aka "MPEG Layer-3 Audio Decoder Stack Overflow Vulnerability." Desbordamiento de búfer basado en pila en los codificadores de audio MPEG Layer-3 en Microsoft Windows 2000 SP4, XP SP2 y SP3, Server 2003 SP2, Vista Gold, SP1, SP2, y Server 2008 Gold y SP2 permite a atacantes remotos ejecutar código de su elección a través de un fichero AVI manipulado, conocido como "vulnerabilidad de desbordamiento de pila en el decodificador de audio MPEG Layer-3" • https://www.exploit-db.com/exploits/15096 https://www.exploit-db.com/exploits/14895 https://www.exploit-db.com/exploits/17659 http://securityreason.com/securityalert/8336 http://www.us-cert.gov/cas/techalerts/TA10-103A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-026 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7441 https://www.exploit-db.com/moaub-5-microsoft-mpeg-layer-3-audio-stack-based-overflow http: • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2010-0267
https://notcve.org/view.php?id=CVE-2010-0267
Microsoft Internet Explorer 6, 6 SP1, and 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability." Microsoft Internet Explorer 6, 6 SP1 y 7 no maneja adecuadamente objetos en memoria, lo que permite a atacantes remotos ejecutar código de su elección mediante el acceso a un objeto que (1) no fue iniciado de manera apropiada o (2) es borrado, lo que lleva a una corrupción de memoria, también conocido como "Uninitialized Memory Corruption Vulnerability." • http://securitytracker.com/id?1023773 http://www.securityfocus.com/bid/39023 http://www.us-cert.gov/cas/techalerts/TA10-068A.html http://www.us-cert.gov/cas/techalerts/TA10-089A.html http://www.vupen.com/english/advisories/2010/0744 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-018 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8554 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2010-0488
https://notcve.org/view.php?id=CVE-2010-0488
Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 does not properly handle unspecified "encoding strings," which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site, aka "Post Encoding Information Disclosure Vulnerability." Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1 y 7 no maneja adecuadamente "cadenas de codificación" (encoding strings) no especificadas, lo que permite a atacantes remotos eludir la Política del Mismo Origen (Same Origin Policy) y obtener información sensible mediante un sitio web manipulado, también conocido como "Post Encoding Information Disclosure Vulnerability." • http://jvn.jp/en/jp/JVN49467403/index.html http://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000011.html http://securitytracker.com/id?1023773 http://www.securityfocus.com/bid/39028 http://www.us-cert.gov/cas/techalerts/TA10-068A.html http://www.us-cert.gov/cas/techalerts/TA10-089A.html http://www.vupen.com/english/advisories/2010/0744 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-018 https://oval.cisecurity.org/repository/search/definition • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2010-0494
https://notcve.org/view.php?id=CVE-2010-0494
Cross-domain vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 allows user-assisted remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted HTML document in a situation where the client user drags one browser window across another browser window, aka "HTML Element Cross-Domain Vulnerability." Vulnerabilidad de dominio cruzado en Microsoft Internet Explorer 6, 6 SP1, 7 y 8 permite a atacantes remotos asistidos por el usuario eludir la Política del mismo Origen (Same Origin Policy) y realizar ataques de secuencias de comandos en sitios cruzados (XSS) mediante una un documento HTML manipulado en una situación en la que el usuario cliente arrastra una ventana del navegador a través de otra, también conocido como "HTML Element Cross-Domain Vulnerability." • http://securitytracker.com/id?1023773 http://www.securityfocus.com/bid/39047 http://www.us-cert.gov/cas/techalerts/TA10-068A.html http://www.us-cert.gov/cas/techalerts/TA10-089A.html http://www.vupen.com/english/advisories/2010/0744 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-018 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8553 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2010-0489
https://notcve.org/view.php?id=CVE-2010-0489
Race condition in Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "Race Condition Memory Corruption Vulnerability." Condición de carrera en Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1 y 7 permite a atacantes remotos ejecutar código de su elección mediante un documento HTML manipulado que dispara una corrupción de memoria, también conocido como "Race Condition Memory Corruption Vulnerability." • http://securitytracker.com/id?1023773 http://www.securityfocus.com/bid/39026 http://www.us-cert.gov/cas/techalerts/TA10-068A.html http://www.us-cert.gov/cas/techalerts/TA10-089A.html http://www.vupen.com/english/advisories/2010/0744 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-018 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7774 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •