CVE-2010-0917

Severity Score

7.6

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Stack-based buffer overflow in VBScript in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, might allow user-assisted remote attackers to execute arbitrary code via a long string in the fourth argument (aka helpfile argument) to the MsgBox function, leading to code execution when the F1 key is pressed, a different vulnerability than CVE-2010-0483.

Desbordamiento de búfer basado en pila en VBScript en Microsoft Windows 2000 SP4, XP SP2 y SP3 y Server 2003 SP2, al usar Internet Explorer, puede permitir a atacantes remotos asistidos por el usuario ejecutar código de su elección mediante una cadena larga en el cuarto argumento (alias argumento helpfile) para una función MsgBox, que conduce a la ejecución de código cuando se pulsa la tecla F1, una vulnerabilidad diferente a CVE-2010-0483.

*Credits: N/A

CVSS Scores

NISTv2 7.6

Attack Vector

Network

Attack Complexity

High

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2010-03-03 CVE Reserved
2010-03-03 CVE Published
2024-08-07 CVE Updated
2024-08-07 First Exploit
2024-10-11 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CAPEC

References (7)

URL	Tag	Source
http://www.theregister.co.uk/2010/03/01/ie_code_execution_bug	X_refsource_misc
https://exchange.xforce.ibmcloud.com/vulnerabilities/56560	Vdb Entry

URL	Date	SRC
http://isec.pl/vulnerabilities/isec-0027-msgbox-helpfile-ie.txt	2024-08-07
http://isec.pl/vulnerabilities10.html	2024-08-07
http://www.securityfocus.com/bid/38473	2024-08-07

URL	Date	SRC

URL	Date	SRC
http://blogs.technet.com/msrc/archive/2010/03/01/security-advisory-981169-released.aspx	2019-02-26
http://www.microsoft.com/technet/security/advisory/981169.mspx	2019-02-26

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Microsoft Search vendor "Microsoft"	Windows 2000 Search vendor "Microsoft" for product "Windows 2000"	*	sp4	Affected	in	Microsoft Search vendor "Microsoft"	Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"	6 Search vendor "Microsoft" for product "Internet Explorer" and version "6"	-	Safe
Microsoft Search vendor "Microsoft"	Windows 2000 Search vendor "Microsoft" for product "Windows 2000"	*	sp4	Affected	in	Microsoft Search vendor "Microsoft"	Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"	7 Search vendor "Microsoft" for product "Internet Explorer" and version "7"	-	Safe
Microsoft Search vendor "Microsoft"	Windows 2000 Search vendor "Microsoft" for product "Windows 2000"	*	sp4	Affected	in	Microsoft Search vendor "Microsoft"	Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"	8 Search vendor "Microsoft" for product "Internet Explorer" and version "8"	-	Safe
Microsoft Search vendor "Microsoft"	Windows 2003 Server Search vendor "Microsoft" for product "Windows 2003 Server"	*	sp2	Affected	in	Microsoft Search vendor "Microsoft"	Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"	6 Search vendor "Microsoft" for product "Internet Explorer" and version "6"	-	Safe
Microsoft Search vendor "Microsoft"	Windows 2003 Server Search vendor "Microsoft" for product "Windows 2003 Server"	*	sp2	Affected	in	Microsoft Search vendor "Microsoft"	Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"	7 Search vendor "Microsoft" for product "Internet Explorer" and version "7"	-	Safe
Microsoft Search vendor "Microsoft"	Windows 2003 Server Search vendor "Microsoft" for product "Windows 2003 Server"	*	sp2	Affected	in	Microsoft Search vendor "Microsoft"	Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"	8 Search vendor "Microsoft" for product "Internet Explorer" and version "8"	-	Safe
Microsoft Search vendor "Microsoft"	Windows 2003 Server Search vendor "Microsoft" for product "Windows 2003 Server"	*	sp2, itanium	Affected	in	Microsoft Search vendor "Microsoft"	Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"	6 Search vendor "Microsoft" for product "Internet Explorer" and version "6"	-	Safe
Microsoft Search vendor "Microsoft"	Windows 2003 Server Search vendor "Microsoft" for product "Windows 2003 Server"	*	sp2, itanium	Affected	in	Microsoft Search vendor "Microsoft"	Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"	7 Search vendor "Microsoft" for product "Internet Explorer" and version "7"	-	Safe
Microsoft Search vendor "Microsoft"	Windows 2003 Server Search vendor "Microsoft" for product "Windows 2003 Server"	*	sp2, itanium	Affected	in	Microsoft Search vendor "Microsoft"	Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"	8 Search vendor "Microsoft" for product "Internet Explorer" and version "8"	-	Safe
Microsoft Search vendor "Microsoft"	Windows Server 2003 Search vendor "Microsoft" for product "Windows Server 2003"	*	sp2	Affected	in	Microsoft Search vendor "Microsoft"	Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"	6 Search vendor "Microsoft" for product "Internet Explorer" and version "6"	-	Safe
Microsoft Search vendor "Microsoft"	Windows Server 2003 Search vendor "Microsoft" for product "Windows Server 2003"	*	sp2	Affected	in	Microsoft Search vendor "Microsoft"	Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"	7 Search vendor "Microsoft" for product "Internet Explorer" and version "7"	-	Safe
Microsoft Search vendor "Microsoft"	Windows Server 2003 Search vendor "Microsoft" for product "Windows Server 2003"	*	sp2	Affected	in	Microsoft Search vendor "Microsoft"	Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"	8 Search vendor "Microsoft" for product "Internet Explorer" and version "8"	-	Safe
Microsoft Search vendor "Microsoft"	Windows Xp Search vendor "Microsoft" for product "Windows Xp"	*	sp2	Affected	in	Microsoft Search vendor "Microsoft"	Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"	6 Search vendor "Microsoft" for product "Internet Explorer" and version "6"	-	Safe
Microsoft Search vendor "Microsoft"	Windows Xp Search vendor "Microsoft" for product "Windows Xp"	*	sp2	Affected	in	Microsoft Search vendor "Microsoft"	Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"	7 Search vendor "Microsoft" for product "Internet Explorer" and version "7"	-	Safe
Microsoft Search vendor "Microsoft"	Windows Xp Search vendor "Microsoft" for product "Windows Xp"	*	sp2	Affected	in	Microsoft Search vendor "Microsoft"	Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"	8 Search vendor "Microsoft" for product "Internet Explorer" and version "8"	-	Safe
Microsoft Search vendor "Microsoft"	Windows Xp Search vendor "Microsoft" for product "Windows Xp"	*	sp3	Affected	in	Microsoft Search vendor "Microsoft"	Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"	6 Search vendor "Microsoft" for product "Internet Explorer" and version "6"	-	Safe
Microsoft Search vendor "Microsoft"	Windows Xp Search vendor "Microsoft" for product "Windows Xp"	*	sp3	Affected	in	Microsoft Search vendor "Microsoft"	Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"	7 Search vendor "Microsoft" for product "Internet Explorer" and version "7"	-	Safe
Microsoft Search vendor "Microsoft"	Windows Xp Search vendor "Microsoft" for product "Windows Xp"	*	sp3	Affected	in	Microsoft Search vendor "Microsoft"	Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"	8 Search vendor "Microsoft" for product "Internet Explorer" and version "8"	-	Safe
Microsoft Search vendor "Microsoft"	Windows Xp Search vendor "Microsoft" for product "Windows Xp"	-	sp2, x64	Affected	in	Microsoft Search vendor "Microsoft"	Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"	6 Search vendor "Microsoft" for product "Internet Explorer" and version "6"	-	Safe
Microsoft Search vendor "Microsoft"	Windows Xp Search vendor "Microsoft" for product "Windows Xp"	-	sp2, x64	Affected	in	Microsoft Search vendor "Microsoft"	Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"	7 Search vendor "Microsoft" for product "Internet Explorer" and version "7"	-	Safe
Microsoft Search vendor "Microsoft"	Windows Xp Search vendor "Microsoft" for product "Windows Xp"	-	sp2, x64	Affected	in	Microsoft Search vendor "Microsoft"	Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"	8 Search vendor "Microsoft" for product "Internet Explorer" and version "8"	-	Safe