CVSS: 9.3EPSS: 96%CPEs: 19EXPL: 4CVE-2010-0480 – MS10-026 Microsoft MPEG Layer-3 Audio Stack Based Overflow
https://notcve.org/view.php?id=CVE-2010-0480
Multiple stack-based buffer overflows in the MPEG Layer-3 audio codecs in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to execute arbitrary code via a crafted AVI file, aka "MPEG Layer-3 Audio Decoder Stack Overflow Vulnerability." Desbordamiento de búfer basado en pila en los codificadores de audio MPEG Layer-3 en Microsoft Windows 2000 SP4, XP SP2 y SP3, Server 2003 SP2, Vista Gold, SP1, SP2, y Server 2008 Gold y SP2 permite a atacantes remotos ejecutar código de su elección a través de un fichero AVI manipulado, conocido como "vulnerabilidad de desbordamiento de pila en el decodificador de audio MPEG Layer-3" • https://www.exploit-db.com/exploits/15096 https://www.exploit-db.com/exploits/14895 https://www.exploit-db.com/exploits/17659 http://securityreason.com/securityalert/8336 http://www.us-cert.gov/cas/techalerts/TA10-103A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-026 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7441 https://www.exploit-db.com/moaub-5-microsoft-mpeg-layer-3-audio-stack-based-overflow http:&#x • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 87%CPEs: 6EXPL: 0CVE-2010-0268 – Microsoft Windows Media Player Codec Retrieval Dangling Pointer Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-0268
Unspecified vulnerability in the Windows Media Player ActiveX control in Windows Media Player (WMP) 9 on Microsoft Windows 2000 SP4 and XP SP2 and SP3 allows remote attackers to execute arbitrary code via crafted media content, aka "Media Player Remote Code Execution Vulnerability." Vulnerabilidad no especificada en el control ActiveX de Windows Media Player (WMP) 9 en Microsoft Windows 2000 SP4 y XP SP2 y SP3 permite a atacantes remotos ejecutar código de su elección a través de contenido media manipulada, conocido como "Media Player Remote Code Execution Vulnerability." This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows Media Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page. The specific flaw exists within the functionality for retrieving a codec for an unknown fourCC compression code. If an embedded Windows Media Player control attempts to play a media file containing an unknown codec it makes a request to Microsoft to retrieve the necessary capability. • http://www.us-cert.gov/cas/techalerts/TA10-103A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-027 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7281 •
CVSS: 4.3EPSS: 5%CPEs: 45EXPL: 0CVE-2010-0494
https://notcve.org/view.php?id=CVE-2010-0494
Cross-domain vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 allows user-assisted remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted HTML document in a situation where the client user drags one browser window across another browser window, aka "HTML Element Cross-Domain Vulnerability." Vulnerabilidad de dominio cruzado en Microsoft Internet Explorer 6, 6 SP1, 7 y 8 permite a atacantes remotos asistidos por el usuario eludir la Política del mismo Origen (Same Origin Policy) y realizar ataques de secuencias de comandos en sitios cruzados (XSS) mediante una un documento HTML manipulado en una situación en la que el usuario cliente arrastra una ventana del navegador a través de otra, también conocido como "HTML Element Cross-Domain Vulnerability." • http://securitytracker.com/id?1023773 http://www.securityfocus.com/bid/39047 http://www.us-cert.gov/cas/techalerts/TA10-068A.html http://www.us-cert.gov/cas/techalerts/TA10-089A.html http://www.vupen.com/english/advisories/2010/0744 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-018 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8553 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 7%CPEs: 27EXPL: 0CVE-2010-0488
https://notcve.org/view.php?id=CVE-2010-0488
Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 does not properly handle unspecified "encoding strings," which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site, aka "Post Encoding Information Disclosure Vulnerability." Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1 y 7 no maneja adecuadamente "cadenas de codificación" (encoding strings) no especificadas, lo que permite a atacantes remotos eludir la Política del Mismo Origen (Same Origin Policy) y obtener información sensible mediante un sitio web manipulado, también conocido como "Post Encoding Information Disclosure Vulnerability." • http://jvn.jp/en/jp/JVN49467403/index.html http://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000011.html http://securitytracker.com/id?1023773 http://www.securityfocus.com/bid/39028 http://www.us-cert.gov/cas/techalerts/TA10-068A.html http://www.us-cert.gov/cas/techalerts/TA10-089A.html http://www.vupen.com/english/advisories/2010/0744 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-018 https://oval.cisecurity.org/repository/search/definition&#x • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 80%CPEs: 26EXPL: 0CVE-2010-0267
https://notcve.org/view.php?id=CVE-2010-0267
Microsoft Internet Explorer 6, 6 SP1, and 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability." Microsoft Internet Explorer 6, 6 SP1 y 7 no maneja adecuadamente objetos en memoria, lo que permite a atacantes remotos ejecutar código de su elección mediante el acceso a un objeto que (1) no fue iniciado de manera apropiada o (2) es borrado, lo que lleva a una corrupción de memoria, también conocido como "Uninitialized Memory Corruption Vulnerability." • http://securitytracker.com/id?1023773 http://www.securityfocus.com/bid/39023 http://www.us-cert.gov/cas/techalerts/TA10-068A.html http://www.us-cert.gov/cas/techalerts/TA10-089A.html http://www.vupen.com/english/advisories/2010/0744 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-018 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8554 • CWE-94: Improper Control of Generation of Code ('Code Injection') •