cvelistv5 - cve-2010-1898

CVE-2010-1898 (GCVE-0-2010-1898)

Vulnerability from cvelistv5 – Published: 2010-08-11 18:00 – Updated: 2024-08-07 02:17

Summary

Severity ?

No CVSS data available.

CWE

Assigner

microsoft

References

URL

Tags

	http://www.us-cert.gov/cas/techalerts/TA10-222A.html	third-party-advisoryx_refsource_CERT
	https://docs.microsoft.com/en-us/security-updates…	vendor-advisoryx_refsource_MS
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T02:17:12.829Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "TA10-222A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA10-222A.html"
          },
          {
            "name": "MS10-060",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-060"
          },
          {
            "name": "oval:org.mitre.oval:def:12033",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12033"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-08-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP1, 2.0 SP2, 3.5, 3.5 SP1, and 3.5.1, and Microsoft Silverlight 2 and 3 before 3.0.50611.0 on Windows and before 3.0.41130.0 on Mac OS X, does not properly handle interfaces and delegations to virtual methods, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka \"Microsoft Silverlight and Microsoft .NET Framework CLR Virtual Method Delegate Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "TA10-222A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA10-222A.html"
        },
        {
          "name": "MS10-060",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-060"
        },
        {
          "name": "oval:org.mitre.oval:def:12033",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12033"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2010-1898",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP1, 2.0 SP2, 3.5, 3.5 SP1, and 3.5.1, and Microsoft Silverlight 2 and 3 before 3.0.50611.0 on Windows and before 3.0.41130.0 on Mac OS X, does not properly handle interfaces and delegations to virtual methods, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka \"Microsoft Silverlight and Microsoft .NET Framework CLR Virtual Method Delegate Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "TA10-222A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA10-222A.html"
            },
            {
              "name": "MS10-060",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-060"
            },
            {
              "name": "oval:org.mitre.oval:def:12033",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12033"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2010-1898",
    "datePublished": "2010-08-11T18:00:00",
    "dateReserved": "2010-05-11T00:00:00",
    "dateUpdated": "2024-08-07T02:17:12.829Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:.net_framework:2.0:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"F97EB992-2DC1-4E31-A298-072D8313130B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"42A6DF09-B8E1-414D-97E7-453566055279\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E039CE1F-B988-4741-AE2E-5B36E2AF9688\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:.net_framework:3.5:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"0C610747-93E5-4014-8ED2-47F333174832\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8EDC4407-7E92-4E60-82F0-0C87D1860D3A\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:silverlight:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"3.0.40818.0\", \"matchCriteriaId\": \"20B8341A-C2AC-4C81-A7E7-D79C8970027C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:silverlight:2.0.31005.00:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A20AA4A5-B6DA-42F5-ADA6-CE8F3D08DAEB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:silverlight:2.0.40115.00:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F90BA702-AEA8-4CFA-8FE7-85EC3C36C893\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:silverlight:3.0.40624.00:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8D5F951F-6DCB-4651-A99A-C7237025E00C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:silverlight:3.0.40723.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FAAF6291-8E80-4DE5-820C-BA9778822194\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0FF5999A-9D12-4CDD-8DE9-A89C10B2D574\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:silverlight:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"3.0.50106.0\", \"matchCriteriaId\": \"D084CE43-A992-456C-A431-5D14EE6AF430\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:silverlight:2.0.31005.00:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A20AA4A5-B6DA-42F5-ADA6-CE8F3D08DAEB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:silverlight:2.0.40115.00:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F90BA702-AEA8-4CFA-8FE7-85EC3C36C893\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:silverlight:3.0.40624.00:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8D5F951F-6DCB-4651-A99A-C7237025E00C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:silverlight:3.0.40723.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FAAF6291-8E80-4DE5-820C-BA9778822194\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:silverlight:3.0.40818.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7AB865CD-A8EC-4341-9DF8-D4D92351EE1D\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2CF61F35-5905-4BA9-AD7E-7DB261D2F256\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP1, 2.0 SP2, 3.5, 3.5 SP1, and 3.5.1, and Microsoft Silverlight 2 and 3 before 3.0.50611.0 on Windows and before 3.0.41130.0 on Mac OS X, does not properly handle interfaces and delegations to virtual methods, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka \\\"Microsoft Silverlight and Microsoft .NET Framework CLR Virtual Method Delegate Vulnerability.\\\"\"}, {\"lang\": \"es\", \"value\": \"El Common Language Runtime (CLR) de Microsoft .NET Framework v2.0 SP1, v2.0 SP2, v3.5, v3.5 SP1, y v3.5.1, y Microsoft Silverlight v2 y v3 anterior a v3.0.50611.0 en Windows y anterior a v3.0.41130.0 on Mac OS X, no maneja decuadamente intefaces y delegaciones de m\\u00e9todos virtuales, lo que permite a atacantes remotos ejecutar c\\u00f3digo de su elecci\\u00f3n a trav\\u00e9s de (1) una aplicaci\\u00f3n de navegador XAML manipulada (tambi\\u00e9n conocida como XBAP), (2) una aplicaci\\u00f3n ASP.NET manipulada, o (3) una aplicaci\\u00f3n .NET Framework manipulada. Tambi\\u00e9n conocido c\\u00f3mo Microsoft Silverlight and Microsoft .NET Framework CLR Virtual Method Delegate Vulnerability.\\\"\"}]",
      "id": "CVE-2010-1898",
      "lastModified": "2024-11-21T01:15:25.230",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": true, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2010-08-11T18:47:50.250",
      "references": "[{\"url\": \"http://www.us-cert.gov/cas/techalerts/TA10-222A.html\", \"source\": \"secure@microsoft.com\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-060\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12033\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA10-222A.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-060\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12033\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "secure@microsoft.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-94\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2010-1898\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2010-08-11T18:47:50.250\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP1, 2.0 SP2, 3.5, 3.5 SP1, and 3.5.1, and Microsoft Silverlight 2 and 3 before 3.0.50611.0 on Windows and before 3.0.41130.0 on Mac OS X, does not properly handle interfaces and delegations to virtual methods, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka \\\"Microsoft Silverlight and Microsoft .NET Framework CLR Virtual Method Delegate Vulnerability.\\\"\"},{\"lang\":\"es\",\"value\":\"El Common Language Runtime (CLR) de Microsoft .NET Framework v2.0 SP1, v2.0 SP2, v3.5, v3.5 SP1, y v3.5.1, y Microsoft Silverlight v2 y v3 anterior a v3.0.50611.0 en Windows y anterior a v3.0.41130.0 on Mac OS X, no maneja decuadamente intefaces y delegaciones de m\u00e9todos virtuales, lo que permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de (1) una aplicaci\u00f3n de navegador XAML manipulada (tambi\u00e9n conocida como XBAP), (2) una aplicaci\u00f3n ASP.NET manipulada, o (3) una aplicaci\u00f3n .NET Framework manipulada. Tambi\u00e9n conocido c\u00f3mo Microsoft Silverlight and Microsoft .NET Framework CLR Virtual Method Delegate Vulnerability.\\\"\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:2.0:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"F97EB992-2DC1-4E31-A298-072D8313130B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"42A6DF09-B8E1-414D-97E7-453566055279\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E039CE1F-B988-4741-AE2E-5B36E2AF9688\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:3.5:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"0C610747-93E5-4014-8ED2-47F333174832\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8EDC4407-7E92-4E60-82F0-0C87D1860D3A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:silverlight:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.0.40818.0\",\"matchCriteriaId\":\"20B8341A-C2AC-4C81-A7E7-D79C8970027C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:silverlight:2.0.31005.00:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A20AA4A5-B6DA-42F5-ADA6-CE8F3D08DAEB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:silverlight:2.0.40115.00:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F90BA702-AEA8-4CFA-8FE7-85EC3C36C893\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:silverlight:3.0.40624.00:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8D5F951F-6DCB-4651-A99A-C7237025E00C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:silverlight:3.0.40723.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FAAF6291-8E80-4DE5-820C-BA9778822194\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0FF5999A-9D12-4CDD-8DE9-A89C10B2D574\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:silverlight:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.0.50106.0\",\"matchCriteriaId\":\"D084CE43-A992-456C-A431-5D14EE6AF430\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:silverlight:2.0.31005.00:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A20AA4A5-B6DA-42F5-ADA6-CE8F3D08DAEB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:silverlight:2.0.40115.00:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F90BA702-AEA8-4CFA-8FE7-85EC3C36C893\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:silverlight:3.0.40624.00:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8D5F951F-6DCB-4651-A99A-C7237025E00C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:silverlight:3.0.40723.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FAAF6291-8E80-4DE5-820C-BA9778822194\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:silverlight:3.0.40818.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7AB865CD-A8EC-4341-9DF8-D4D92351EE1D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2CF61F35-5905-4BA9-AD7E-7DB261D2F256\"}]}]}],\"references\":[{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA10-222A.html\",\"source\":\"secure@microsoft.com\",\"tags\":[\"US Government Resource\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-060\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12033\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA10-222A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-060\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12033\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

FKIE_CVE-2010-1898

Vulnerability from fkie_nvd - Published: 2010-08-11 18:47 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
secure@microsoft.com	http://www.us-cert.gov/cas/techalerts/TA10-222A.html	US Government Resource
secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-060
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12033
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA10-222A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-060
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12033

Impacted products

Vendor	Product	Version
microsoft	.net_framework	2.0
microsoft	.net_framework	2.0
microsoft	.net_framework	3.5
microsoft	.net_framework	3.5
microsoft	.net_framework	3.5.1
microsoft	silverlight	*
microsoft	silverlight	2.0.31005.00
microsoft	silverlight	2.0.40115.00
microsoft	silverlight	3.0.40624.00
microsoft	silverlight	3.0.40723.0
apple	mac_os_x	*
microsoft	silverlight	*
microsoft	silverlight	2.0.31005.00
microsoft	silverlight	2.0.40115.00
microsoft	silverlight	3.0.40624.00
microsoft	silverlight	3.0.40723.0
microsoft	silverlight	3.0.40818.0
microsoft	windows	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:.net_framework:2.0:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "F97EB992-2DC1-4E31-A298-072D8313130B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "42A6DF09-B8E1-414D-97E7-453566055279",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E039CE1F-B988-4741-AE2E-5B36E2AF9688",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:.net_framework:3.5:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "0C610747-93E5-4014-8ED2-47F333174832",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EDC4407-7E92-4E60-82F0-0C87D1860D3A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:silverlight:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "20B8341A-C2AC-4C81-A7E7-D79C8970027C",
              "versionEndIncluding": "3.0.40818.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:silverlight:2.0.31005.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "A20AA4A5-B6DA-42F5-ADA6-CE8F3D08DAEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:silverlight:2.0.40115.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "F90BA702-AEA8-4CFA-8FE7-85EC3C36C893",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:silverlight:3.0.40624.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D5F951F-6DCB-4651-A99A-C7237025E00C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:silverlight:3.0.40723.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FAAF6291-8E80-4DE5-820C-BA9778822194",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FF5999A-9D12-4CDD-8DE9-A89C10B2D574",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:silverlight:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D084CE43-A992-456C-A431-5D14EE6AF430",
              "versionEndIncluding": "3.0.50106.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:silverlight:2.0.31005.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "A20AA4A5-B6DA-42F5-ADA6-CE8F3D08DAEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:silverlight:2.0.40115.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "F90BA702-AEA8-4CFA-8FE7-85EC3C36C893",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:silverlight:3.0.40624.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D5F951F-6DCB-4651-A99A-C7237025E00C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:silverlight:3.0.40723.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FAAF6291-8E80-4DE5-820C-BA9778822194",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:silverlight:3.0.40818.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AB865CD-A8EC-4341-9DF8-D4D92351EE1D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP1, 2.0 SP2, 3.5, 3.5 SP1, and 3.5.1, and Microsoft Silverlight 2 and 3 before 3.0.50611.0 on Windows and before 3.0.41130.0 on Mac OS X, does not properly handle interfaces and delegations to virtual methods, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka \"Microsoft Silverlight and Microsoft .NET Framework CLR Virtual Method Delegate Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "El Common Language Runtime (CLR) de Microsoft .NET Framework v2.0 SP1, v2.0 SP2, v3.5, v3.5 SP1, y v3.5.1, y Microsoft Silverlight v2 y v3 anterior a v3.0.50611.0 en Windows y anterior a v3.0.41130.0 on Mac OS X, no maneja decuadamente intefaces y delegaciones de m\u00e9todos virtuales, lo que permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de (1) una aplicaci\u00f3n de navegador XAML manipulada (tambi\u00e9n conocida como XBAP), (2) una aplicaci\u00f3n ASP.NET manipulada, o (3) una aplicaci\u00f3n .NET Framework manipulada. Tambi\u00e9n conocido c\u00f3mo Microsoft Silverlight and Microsoft .NET Framework CLR Virtual Method Delegate Vulnerability.\""
    }
  ],
  "id": "CVE-2010-1898",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2010-08-11T18:47:50.250",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA10-222A.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-060"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12033"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA10-222A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-060"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12033"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTA-2010-AVI-376

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités de Microsoft .NET Framework et Microsoft Silverlight permettent l'exécution de code arbitraire à distance.

Description

Deux vulnérabilités dans Microsoft .NET Framework et Microsoft Silverlight permettent l'exécution de code arbitraire à distance au moyen d'applications .NET ou de pages web spécialement conçues. Une personne malintentionnée peut également exécuter du code arbitraire s'il peut télécharger et exécuter une page ASP.NET sur un serveur IIS vulnérable.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	Microsoft .NET Framework 2.0 Service Pack 2 ;
Microsoft	N/A	Microsoft .NET Framework 3.5 Service Pack 1 ;
Microsoft	N/A	Microsoft Silverlight 3.
Microsoft	N/A	Microsoft .NET Framework 3.5 ;
Microsoft	N/A	Microsoft .NET Framework 3.5.1 ;
Microsoft	N/A	Microsoft Silverlight 2 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS10-060 du 10 août 2010

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft .NET Framework 2.0 Service Pack 2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft .NET Framework 3.5 Service Pack 1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Silverlight 3.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft .NET Framework 3.5 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft .NET Framework 3.5.1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Silverlight 2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDeux vuln\u00e9rabilit\u00e9s dans Microsoft .NET Framework et Microsoft\nSilverlight permettent l\u0027ex\u00e9cution de code arbitraire \u00e0 distance au\nmoyen d\u0027applications .NET ou de pages web sp\u00e9cialement con\u00e7ues. Une\npersonne malintentionn\u00e9e peut \u00e9galement ex\u00e9cuter du code arbitraire s\u0027il\npeut t\u00e9l\u00e9charger et ex\u00e9cuter une page ASP.NET sur un serveur IIS\nvuln\u00e9rable.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-1898",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1898"
    },
    {
      "name": "CVE-2010-0019",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0019"
    }
  ],
  "links": [],
  "reference": "CERTA-2010-AVI-376",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-08-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s de \u003cspan class=\"textit\"\u003eMicrosoft .NET\nFramework\u003c/span\u003e et \u003cspan class=\"textit\"\u003eMicrosoft Silverlight\u003c/span\u003e\npermettent l\u0027ex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans Microsoft .NET Common Language Runtime et Microsoft Silverlight",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS10-060 du 10 ao\u00fbt 2010",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS10-060.mspx"
    }
  ]
}

CERTA-2010-AVI-376

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités de Microsoft .NET Framework et Microsoft Silverlight permettent l'exécution de code arbitraire à distance.

Description

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	Microsoft .NET Framework 2.0 Service Pack 2 ;
Microsoft	N/A	Microsoft .NET Framework 3.5 Service Pack 1 ;
Microsoft	N/A	Microsoft Silverlight 3.
Microsoft	N/A	Microsoft .NET Framework 3.5 ;
Microsoft	N/A	Microsoft .NET Framework 3.5.1 ;
Microsoft	N/A	Microsoft Silverlight 2 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS10-060 du 10 août 2010

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft .NET Framework 2.0 Service Pack 2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft .NET Framework 3.5 Service Pack 1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Silverlight 3.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft .NET Framework 3.5 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft .NET Framework 3.5.1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Silverlight 2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDeux vuln\u00e9rabilit\u00e9s dans Microsoft .NET Framework et Microsoft\nSilverlight permettent l\u0027ex\u00e9cution de code arbitraire \u00e0 distance au\nmoyen d\u0027applications .NET ou de pages web sp\u00e9cialement con\u00e7ues. Une\npersonne malintentionn\u00e9e peut \u00e9galement ex\u00e9cuter du code arbitraire s\u0027il\npeut t\u00e9l\u00e9charger et ex\u00e9cuter une page ASP.NET sur un serveur IIS\nvuln\u00e9rable.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-1898",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1898"
    },
    {
      "name": "CVE-2010-0019",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0019"
    }
  ],
  "links": [],
  "reference": "CERTA-2010-AVI-376",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-08-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s de \u003cspan class=\"textit\"\u003eMicrosoft .NET\nFramework\u003c/span\u003e et \u003cspan class=\"textit\"\u003eMicrosoft Silverlight\u003c/span\u003e\npermettent l\u0027ex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans Microsoft .NET Common Language Runtime et Microsoft Silverlight",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS10-060 du 10 ao\u00fbt 2010",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS10-060.mspx"
    }
  ]
}

VAR-201008-0131

Vulnerability from variot - Updated: 2023-12-18 10:49

The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP1, 2.0 SP2, 3.5, 3.5 SP1, and 3.5.1, and Microsoft Silverlight 2 and 3 before 3.0.50611.0 on Windows and before 3.0.41130.0 on Mac OS X, does not properly handle interfaces and delegations to virtual methods, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft Silverlight and Microsoft .NET Framework CLR Virtual Method Delegate Vulnerability.". Microsoft Windows automatically executes code specified in shortcut (LNK and PIF) files. Microsoft Silverlight and Microsoft .NET Framework are prone to a remote code-execution vulnerability. Successful exploits will allow the attacker to execute arbitrary code within the context of the application. Failed exploit attempts will likely result in a denial-of-service condition. Mac OS X is an operating system used on Mac machines, based on the BSD system. ----------------------------------------------------------------------

"From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420."

Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more:

http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf

TITLE: Microsoft Windows Shell Shortcut Parsing Vulnerability

SECUNIA ADVISORY ID: SA40647

VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40647/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40647

RELEASE DATE: 2010-07-17

DISCUSS ADVISORY: http://secunia.com/advisories/40647/#comments

AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)

http://secunia.com/advisories/40647/

ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS

https://ca.secunia.com/?page=viewadvisory&vuln_id=40647

ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING

http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

DESCRIPTION: A vulnerability has been reported in Windows, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an error in Windows Shell when parsing shortcuts (.lnk) as certain parameters are not properly validated when attempting to load the icon. This can be exploited to automatically execute a program via a specially crafted shortcut.

Successful exploitation requires that a user is e.g. tricked into inserting a removable media (when AutoPlay is enabled) or browse to the root folder of the removable media (when AutoPlay is disabled) using Windows Explorer or a similar file manager. Exploitation may also be possible via network shares and WebDAV shares.

NOTE: This is currently being actively exploited in the wild via infected USB drives.

SOLUTION: The vendor recommends disabling the displaying of icons for shortcuts (please see the Microsoft security advisory for details).

PROVIDED AND/OR DISCOVERED BY: Reported as a 0-day.

ORIGINAL ADVISORY: Microsoft: http://www.microsoft.com/technet/security/advisory/2286198.mspx

OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

I. Microsoft has released updates to address the vulnerabilities.

One of the bulletins released, MS10-046, addresses a previously identified vulnerability in the Windows Shell that is actively being exploited. This vulnerability was also described in US-CERT Vulnerability Note VU#940193.

II.

III. Solution

Apply updates

Microsoft has provided updates for these vulnerabilities in the Microsoft Security Bulletin Summary for August 2010. The security bulletin describes any known issues related to the updates. Administrators are encouraged to note these issues and test for any potentially adverse effects. Administrators should consider using an automated update distribution system such as Windows Server Update Services (WSUS).

IV. References

Microsoft Security Bulletin Summary for August 2010 - http://www.microsoft.com/technet/security/bulletin/ms10-aug.mspx
Microsoft Security Bulletin MS10-046 - http://www.microsoft.com/technet/security/bulletin/MS10-046.mspx
US-CERT Vulnerability Note VU#940193 - http://www.kb.cert.org/vuls/id/940193
Microsoft Windows Server Update Services - http://technet.microsoft.com/en-us/wsus/default.aspx

The most recent version of this document can be found at:

 <http://www.us-cert.gov/cas/techalerts/TA10-222A.html>

Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA10-222A Feedback VU#505527" in the subject.

For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.

Produced 2010 by US-CERT, a government organization.

 <http://www.us-cert.gov/legal.html>

Revision History

August 10, 2010: Initial release

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBTGGh8j6pPKYJORa3AQKsFggAsrzo1PtpJq5GtMwN1fOuAXXPVmbka/U9 5pskj1MKlXDjWzxC47AAaG4fu7EQ/6flgDhzEifg89Xjmh74abZcwhPxbKHM5Y6+ vgrCmSwINZ0wKiWVmpi3mhIQ4rrjd9N2Db82xtHSv4VRDqpZ3HQreNgV06YsnvAP 6up4qCfL2qKzV7tr2/sCEmbMsjhjc7UK1BNGu1YWNxmHL/ypPF5Mjy7w0FFuOAE8 at64g4/unlRWEi42L+yq/54k41wi3X7s8XecpWgHlgtX9I6kyHKu7QijFB7kOiUd ILCTNCoF5xYIJ4Pdwgsj73rtmHotoRR1uLCLLr1Aisgxluqm61CJpQ== =TqKf -----END PGP SIGNATURE----- .

1) An error in the way Silverlight handles pointers can be exploited to corrupt memory by tricking a user into visiting a web site containing specially crafted Silverlight content.

SOLUTION: Apply patches. 2) The vendor credits Eamon Nerbonne

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201008-0131",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "microsoft",
        "version": "2.0"
      },
      {
        "model": "silverlight",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "microsoft",
        "version": "3.0.40818.0"
      },
      {
        "model": "silverlight",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "microsoft",
        "version": "3.0.40723.0"
      },
      {
        "model": "silverlight",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "microsoft",
        "version": "2.0.31005.00"
      },
      {
        "model": "silverlight",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "microsoft",
        "version": "2.0.40115.00"
      },
      {
        "model": "silverlight",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "microsoft",
        "version": "3.0.40624.00"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "microsoft",
        "version": "3.5.1"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "microsoft",
        "version": "3.5"
      },
      {
        "model": "silverlight",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "3.0.50106.0"
      },
      {
        "model": "silverlight",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "3.0.40818.0"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "silverlight",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "2"
      },
      {
        "model": "silverlight",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "3"
      },
      {
        "model": "silverlight",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "3.0.50106.0"
      },
      {
        "model": "silverlight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "3.0"
      },
      {
        "model": "silverlight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2.0"
      },
      {
        "model": ".net framework sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "3.5"
      },
      {
        "model": ".net framework sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2.0"
      },
      {
        "model": ".net framework sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2.0"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#940193"
      },
      {
        "db": "BID",
        "id": "42295"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001913"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-1898"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201008-105"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:2.0:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:3.5:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:silverlight:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.0.40818.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:silverlight:3.0.40723.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:silverlight:3.0.40624.00:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:silverlight:2.0.40115.00:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:silverlight:2.0.31005.00:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:silverlight:3.0.40624.00:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:silverlight:3.0.40723.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:silverlight:3.0.40818.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:silverlight:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.0.50106.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:silverlight:2.0.40115.00:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:silverlight:2.0.31005.00:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2010-1898"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Eamon Nerbonne",
    "sources": [
      {
        "db": "BID",
        "id": "42295"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2010-1898",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": true,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 9.3,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2010-1898",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "VHN-44503",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2010-1898",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#940193",
            "trust": 0.8,
            "value": "72.90"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201008-105",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-44503",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#940193"
      },
      {
        "db": "VULHUB",
        "id": "VHN-44503"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001913"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-1898"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201008-105"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP1, 2.0 SP2, 3.5, 3.5 SP1, and 3.5.1, and Microsoft Silverlight 2 and 3 before 3.0.50611.0 on Windows and before 3.0.41130.0 on Mac OS X, does not properly handle interfaces and delegations to virtual methods, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka \"Microsoft Silverlight and Microsoft .NET Framework CLR Virtual Method Delegate Vulnerability.\". Microsoft Windows automatically executes code specified in shortcut (LNK and PIF) files. Microsoft Silverlight and Microsoft .NET Framework are prone to a remote code-execution vulnerability. \nSuccessful exploits will allow the attacker to execute arbitrary code within the context of the application. Failed exploit attempts will likely result in a denial-of-service condition. Mac OS X is an operating system used on Mac machines, based on the BSD system. ----------------------------------------------------------------------\n\n\n\"From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420.\"\n\nNon-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more:\n\nhttp://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf\n\n\n----------------------------------------------------------------------\n\nTITLE:\nMicrosoft Windows Shell Shortcut Parsing Vulnerability\n\nSECUNIA ADVISORY ID:\nSA40647\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/40647/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=40647\n\nRELEASE DATE:\n2010-07-17\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/40647/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/40647/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=40647\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in Windows, which can be exploited\nby malicious people to compromise a user\u0027s system. \n\nThe vulnerability is caused due to an error in Windows Shell when\nparsing shortcuts (.lnk) as certain parameters are not properly\nvalidated when attempting to load the icon. This can be exploited to\nautomatically execute a program via a specially crafted shortcut. \n\nSuccessful exploitation requires that a user is e.g. tricked into\ninserting a removable media (when AutoPlay is enabled) or browse to\nthe root folder of the removable media (when AutoPlay is disabled)\nusing Windows Explorer or a similar file manager. Exploitation may\nalso be possible via network shares and WebDAV shares. \n\nNOTE: This is currently being actively exploited in the wild via\ninfected USB drives. \n\nSOLUTION:\nThe vendor recommends disabling the displaying of icons for shortcuts\n(please see the Microsoft security advisory for details). \n\nPROVIDED AND/OR DISCOVERED BY:\nReported as a 0-day. \n\nORIGINAL ADVISORY:\nMicrosoft:\nhttp://www.microsoft.com/technet/security/advisory/2286198.mspx\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. \n\n\nI. Microsoft has released updates to address the\n   vulnerabilities. \n\n   One of the bulletins released, MS10-046, addresses a previously\n   identified vulnerability in the Windows Shell that is actively\n   being exploited.  This vulnerability was also described in US-CERT\n   Vulnerability Note VU#940193. \n\n\nII. \n\n\nIII. Solution\n\n   Apply updates\n\n   Microsoft has provided updates for these vulnerabilities in the\n   Microsoft Security Bulletin Summary for August 2010. The security\n   bulletin describes any known issues related to the updates. \n   Administrators are encouraged to note these issues and test for any\n   potentially adverse effects. Administrators should consider using\n   an automated update distribution system such as Windows Server\n   Update Services (WSUS). \n\n\nIV. References\n\n * Microsoft Security Bulletin Summary for August 2010 -\n   \u003chttp://www.microsoft.com/technet/security/bulletin/ms10-aug.mspx\u003e\n\n * Microsoft Security Bulletin MS10-046 -\n   \u003chttp://www.microsoft.com/technet/security/bulletin/MS10-046.mspx\u003e\n\n * US-CERT Vulnerability Note VU#940193 -\n   \u003chttp://www.kb.cert.org/vuls/id/940193\u003e\n\n * Microsoft Windows Server Update Services -\n   \u003chttp://technet.microsoft.com/en-us/wsus/default.aspx\u003e\n\n ____________________________________________________________________\n\n   The most recent version of this document can be found at:\n\n     \u003chttp://www.us-cert.gov/cas/techalerts/TA10-222A.html\u003e\n ____________________________________________________________________\n\n   Feedback can be directed to US-CERT Technical Staff. Please send\n   email to \u003ccert@cert.org\u003e with \"TA10-222A Feedback VU#505527\" in\n   the subject. \n ____________________________________________________________________\n\n   For instructions on subscribing to or unsubscribing from this\n   mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n   Produced 2010 by US-CERT, a government organization. \n\n   Terms of use:\n\n     \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\nRevision History\n\n  August 10, 2010: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (GNU/Linux)\n\niQEVAwUBTGGh8j6pPKYJORa3AQKsFggAsrzo1PtpJq5GtMwN1fOuAXXPVmbka/U9\n5pskj1MKlXDjWzxC47AAaG4fu7EQ/6flgDhzEifg89Xjmh74abZcwhPxbKHM5Y6+\nvgrCmSwINZ0wKiWVmpi3mhIQ4rrjd9N2Db82xtHSv4VRDqpZ3HQreNgV06YsnvAP\n6up4qCfL2qKzV7tr2/sCEmbMsjhjc7UK1BNGu1YWNxmHL/ypPF5Mjy7w0FFuOAE8\nat64g4/unlRWEi42L+yq/54k41wi3X7s8XecpWgHlgtX9I6kyHKu7QijFB7kOiUd\nILCTNCoF5xYIJ4Pdwgsj73rtmHotoRR1uLCLLr1Aisgxluqm61CJpQ==\n=TqKf\n-----END PGP SIGNATURE-----\n. \n\n1) An error in the way Silverlight handles pointers can be exploited\nto corrupt memory by tricking a user into visiting a web site\ncontaining specially crafted Silverlight content. \n\nSOLUTION:\nApply patches. \n2) The vendor credits Eamon Nerbonne",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2010-1898"
      },
      {
        "db": "CERT/CC",
        "id": "VU#940193"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001913"
      },
      {
        "db": "BID",
        "id": "42295"
      },
      {
        "db": "VULHUB",
        "id": "VHN-44503"
      },
      {
        "db": "PACKETSTORM",
        "id": "91929"
      },
      {
        "db": "PACKETSTORM",
        "id": "92657"
      },
      {
        "db": "PACKETSTORM",
        "id": "92586"
      }
    ],
    "trust": 2.97
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2010-1898",
        "trust": 2.8
      },
      {
        "db": "USCERT",
        "id": "TA10-222A",
        "trust": 2.0
      },
      {
        "db": "BID",
        "id": "42295",
        "trust": 1.2
      },
      {
        "db": "NSFOCUS",
        "id": "15600",
        "trust": 1.2
      },
      {
        "db": "SECUNIA",
        "id": "40647",
        "trust": 0.9
      },
      {
        "db": "CERT/CC",
        "id": "VU#940193",
        "trust": 0.9
      },
      {
        "db": "SECUNIA",
        "id": "40872",
        "trust": 0.9
      },
      {
        "db": "BID",
        "id": "41732",
        "trust": 0.8
      },
      {
        "db": "USCERT",
        "id": "SA10-222A",
        "trust": 0.8
      },
      {
        "db": "VUPEN",
        "id": "ADV-2010-2057",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001913",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201008-105",
        "trust": 0.7
      },
      {
        "db": "MS",
        "id": "MS10-060",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-44503",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "91929",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "92657",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "92586",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#940193"
      },
      {
        "db": "VULHUB",
        "id": "VHN-44503"
      },
      {
        "db": "BID",
        "id": "42295"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001913"
      },
      {
        "db": "PACKETSTORM",
        "id": "91929"
      },
      {
        "db": "PACKETSTORM",
        "id": "92657"
      },
      {
        "db": "PACKETSTORM",
        "id": "92586"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-1898"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201008-105"
      }
    ]
  },
  "id": "VAR-201008-0131",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-44503"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T10:49:17.820000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "MS10-060",
        "trust": 0.8,
        "url": "http://www.microsoft.com/technet/security/bulletin/ms10-060.mspx"
      },
      {
        "title": "MS10-060",
        "trust": 0.8,
        "url": "http://www.microsoft.com/japan/technet/security/bulletin/ms10-060.mspx"
      },
      {
        "title": "MS10-060e",
        "trust": 0.8,
        "url": "http://www.microsoft.com/japan/security/bulletins/ms10-060e.mspx"
      },
      {
        "title": "TA10-222A",
        "trust": 0.8,
        "url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta10-222a.html"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 on Windows Server 2003 and Windows XP",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39800"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 on Windows Server 2003 and Windows XP",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39804"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 2.0 Service Pack 2 on Windows Server 2003 and Windows XP",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39808"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 on Windows Server 2003 and Windows XP",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39812"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 on Windows Server 2003 and Windows XP",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39816"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 2.0 Service Pack 2 on Windows Server 2003 and Windows XP",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39820"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5, Windows Vista Service Pack 1 and Windows Server 2008",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39824"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39828"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5, Windows Vista Service Pack 1 and Windows Server 2008",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39832"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1 on Windows Vista Service Pack 1 and Windows Server 2008",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39836"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5, Windows Vista Service Pack 1 and Windows Server 2008",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39840"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 on Windows Server 2003 and Windows XP",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39792"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 2.0 Service Pack 2 on Windows Server 2003 and Windows XP",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39796"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1 on Windows Vista Service Pack 1 and Windows Server 2008",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39845"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5, Windows Vista Service Pack 1 and Windows Server 2008",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39849"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1 on Windows Vista Service Pack 1 and Windows Server 2008",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39853"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39857"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1 on Windows Vista Service Pack 1 and Windows Server 2008",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39861"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39865"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39869"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39873"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39877"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 on Windows Server 2003 and Windows XP",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39799"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 2.0 Service Pack 2 on Windows Server 2003 and Windows XP",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39803"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 2.0 Service Pack 2 on Windows Server 2003 and Windows XP",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39807"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 on Windows Server 2003 and Windows XP",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39811"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 2.0 Service Pack 2 on Windows Server 2003 and Windows XP",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39815"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 2.0 Service Pack 2 on Windows Server 2003 and Windows XP",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39819"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5, Windows Vista Service Pack 1 and Windows Server 2008",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39823"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1 on Windows Vista Service Pack 1 and Windows Server 2008",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39827"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5, Windows Vista Service Pack 1 and Windows Server 2008",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39831"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1 on Windows Vista Service Pack 1 and Windows Server 2008",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39835"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39839"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 2.0 Service Pack 2 on Windows Server 2003 and Windows XP",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39795"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1 on Windows Vista Service Pack 1 and Windows Server 2008",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39844"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39848"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1 on Windows Vista Service Pack 1 and Windows Server 2008",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39852"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39856"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5, Windows Vista Service Pack 1 and Windows Server 2008",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39860"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39864"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39868"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39872"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39876"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 2.0 Service Pack 2 on Windows Server 2003 and Windows XP",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39802"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 on Windows Server 2003 and Windows XP",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39806"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 on Windows Server 2003 and Windows XP",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39810"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 2.0 Service Pack 2 on Windows Server 2003 and Windows XP",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39814"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 on Windows Server 2003 and Windows XP",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39818"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5, Windows Vista Service Pack 1 and Windows Server 2008",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39822"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1 on Windows Vista Service Pack 1 and Windows Server 2008",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39826"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39830"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1 on Windows Vista Service Pack 1 and Windows Server 2008",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39834"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39838"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5, Windows Vista Service Pack 1 and Windows Server 2008",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39842"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 on Windows Server 2003 and Windows XP",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39794"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 on Windows Server 2003 and Windows XP",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39798"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1 on Windows Vista Service Pack 1 and Windows Server 2008",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39843"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39847"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5, Windows Vista Service Pack 1 and Windows Server 2008",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39851"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39855"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39846"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5, Windows Vista Service Pack 1 and Windows Server 2008",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39850"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1 on Windows Vista Service Pack 1 and Windows Server 2008",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39854"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5, Windows Vista Service Pack 1 and Windows Server 2008",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39858"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1 on Windows Vista Service Pack 1 and Windows Server 2008",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39862"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39866"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39870"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39874"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39878"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39829"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5, Windows Vista Service Pack 1 and Windows Server 2008",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39833"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39837"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5, Windows Vista Service Pack 1 and Windows Server 2008",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39841"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 on Windows Server 2003 and Windows XP",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39793"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 2.0 Service Pack 2 on Windows Server 2003 and Windows XP",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39797"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 2.0 Service Pack 2 on Windows Server 2003 and Windows XP",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39801"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 on Windows Server 2003 and Windows XP",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39805"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 2.0 Service Pack 2 on Windows Server 2003 and Windows XP",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39809"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 2.0 Service Pack 2 on Windows Server 2003 and Windows XP",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39813"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 on Windows Server 2003 and Windows XP",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39817"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 2.0 Service Pack 2 on Windows Server 2003 and Windows XP",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39821"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1 on Windows Vista Service Pack 1 and Windows Server 2008",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39825"
      },
      {
        "title": "Security Update for Microsoft Silverlight (KB978464)",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39891"
      },
      {
        "title": "Security Update for Microsoft Silverlight (KB978464)",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39883"
      },
      {
        "title": "Security Update for Microsoft Silverlight (KB978464)",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39887"
      },
      {
        "title": "Security Update for Microsoft Silverlight (KB978464)",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39882"
      },
      {
        "title": "Security Update for Microsoft Silverlight (KB978464)",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39886"
      },
      {
        "title": "Security Update for Microsoft Silverlight (KB978464)",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39890"
      },
      {
        "title": "Security Update for Microsoft Silverlight (KB978464)",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39893"
      },
      {
        "title": "Security Update for Microsoft Silverlight (KB978464)",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39885"
      },
      {
        "title": "Security Update for Microsoft Silverlight (KB978464)",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39889"
      },
      {
        "title": "Security Update for Microsoft Silverlight (KB978464)",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39892"
      },
      {
        "title": "Security Update for Microsoft Silverlight (KB978464)",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39884"
      },
      {
        "title": "Security Update for Microsoft Silverlight (KB978464)",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39888"
      },
      {
        "title": "Silverlight 4 (4.0.50524.0)",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39879"
      },
      {
        "title": "Silverlight 4 (4.0.50524.0)",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39881"
      },
      {
        "title": "Silverlight 4 (4.0.50524.0)",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39880"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5, Windows Vista Service Pack 1 and Windows Server 2008",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39859"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1 on Windows Vista Service Pack 1 and Windows Server 2008",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39863"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39867"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39871"
      },
      {
        "title": "Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39875"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001913"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201008-105"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-94",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-44503"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001913"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-1898"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.9,
        "url": "http://www.us-cert.gov/cas/techalerts/ta10-222a.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.microsoft.com/technet/security/advisory/2286198.mspx"
      },
      {
        "trust": 1.1,
        "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-060"
      },
      {
        "trust": 1.1,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a12033"
      },
      {
        "trust": 1.0,
        "url": "http://www.microsoft.com/technet/security/bulletin/ms10-060.mspx"
      },
      {
        "trust": 0.9,
        "url": "http://secunia.com/advisories/40647/"
      },
      {
        "trust": 0.8,
        "url": "http://www.microsoft.com/technet/security/bulletin/ms10-046.mspx"
      },
      {
        "trust": 0.8,
        "url": "http://support.microsoft.com/kb/2286198"
      },
      {
        "trust": 0.8,
        "url": "http://isc.sans.edu/diary.html?storyid=9190"
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/41732"
      },
      {
        "trust": 0.8,
        "url": "http://support.microsoft.com/kb/967715"
      },
      {
        "trust": 0.8,
        "url": "http://www.anti-virus.by/en/tempo.shtml"
      },
      {
        "trust": 0.8,
        "url": "http://krebsonsecurity.com/2010/07/experts-warn-of-new-windows-shortcut-flaw/"
      },
      {
        "trust": 0.8,
        "url": "http://www.f-secure.com/weblog/archives/new_rootkit_en.pdf"
      },
      {
        "trust": 0.8,
        "url": "http://www.f-secure.com/weblog/archives/00001986.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.f-secure.com/weblog/archives/00001987.html"
      },
      {
        "trust": 0.8,
        "url": "http://support.automation.siemens.com/ww/view/en/43876783"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1898"
      },
      {
        "trust": 0.8,
        "url": "http://www.jpcert.or.jp/at/2010/at100020.txt"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnta10-222a"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-1898"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/40872"
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/42295"
      },
      {
        "trust": 0.8,
        "url": "http://www.us-cert.gov/cas/alerts/sa10-222a.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.vupen.com/english/advisories/2010/2057"
      },
      {
        "trust": 0.8,
        "url": "http://www.npa.go.jp/cyberpolice/#topics"
      },
      {
        "trust": 0.6,
        "url": "http://www.nipc.org.cn/showvul.aspx?id=nipc-2010-2992"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/15600"
      },
      {
        "trust": 0.3,
        "url": "http://www.microsoft.com"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/products/corporate/evm/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/vulnerability_scanning/personal/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/40647/#comments"
      },
      {
        "trust": 0.1,
        "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=40647"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/gfx/pdf/secunia_half_year_report_2010.pdf"
      },
      {
        "trust": 0.1,
        "url": "http://www.microsoft.com/technet/security/bulletin/ms10-046.mspx\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/cas/techalerts/ta10-222a.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/legal.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls/id/940193\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/cas/signup.html\u003e."
      },
      {
        "trust": 0.1,
        "url": "http://www.microsoft.com/technet/security/bulletin/ms10-aug.mspx\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://technet.microsoft.com/en-us/wsus/default.aspx\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://twitter.com/secunia"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/40872/#comments"
      },
      {
        "trust": 0.1,
        "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=40872"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/40872/"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#940193"
      },
      {
        "db": "VULHUB",
        "id": "VHN-44503"
      },
      {
        "db": "BID",
        "id": "42295"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001913"
      },
      {
        "db": "PACKETSTORM",
        "id": "91929"
      },
      {
        "db": "PACKETSTORM",
        "id": "92657"
      },
      {
        "db": "PACKETSTORM",
        "id": "92586"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-1898"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201008-105"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#940193"
      },
      {
        "db": "VULHUB",
        "id": "VHN-44503"
      },
      {
        "db": "BID",
        "id": "42295"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001913"
      },
      {
        "db": "PACKETSTORM",
        "id": "91929"
      },
      {
        "db": "PACKETSTORM",
        "id": "92657"
      },
      {
        "db": "PACKETSTORM",
        "id": "92586"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-1898"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201008-105"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2010-07-15T00:00:00",
        "db": "CERT/CC",
        "id": "VU#940193"
      },
      {
        "date": "2010-08-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-44503"
      },
      {
        "date": "2010-08-10T00:00:00",
        "db": "BID",
        "id": "42295"
      },
      {
        "date": "2010-09-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2010-001913"
      },
      {
        "date": "2010-07-18T11:49:03",
        "db": "PACKETSTORM",
        "id": "91929"
      },
      {
        "date": "2010-08-12T06:55:56",
        "db": "PACKETSTORM",
        "id": "92657"
      },
      {
        "date": "2010-08-10T09:26:56",
        "db": "PACKETSTORM",
        "id": "92586"
      },
      {
        "date": "2010-08-11T18:47:50.250000",
        "db": "NVD",
        "id": "CVE-2010-1898"
      },
      {
        "date": "2010-08-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201008-105"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2010-09-09T00:00:00",
        "db": "CERT/CC",
        "id": "VU#940193"
      },
      {
        "date": "2018-10-12T00:00:00",
        "db": "VULHUB",
        "id": "VHN-44503"
      },
      {
        "date": "2010-09-29T21:10:00",
        "db": "BID",
        "id": "42295"
      },
      {
        "date": "2010-09-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2010-001913"
      },
      {
        "date": "2018-10-12T21:57:47.077000",
        "db": "NVD",
        "id": "CVE-2010-1898"
      },
      {
        "date": "2021-07-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201008-105"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201008-105"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Microsoft Windows automatically executes code specified in shortcut files",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#940193"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "code injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201008-105"
      }
    ],
    "trust": 0.6
  }
}

GHSA-5F4J-48GX-59PQ

Vulnerability from github – Published: 2022-05-14 02:36 – Updated: 2022-05-14 02:36

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2010-1898"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-94"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2010-08-11T18:47:00Z",
    "severity": "HIGH"
  },
  "details": "The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP1, 2.0 SP2, 3.5, 3.5 SP1, and 3.5.1, and Microsoft Silverlight 2 and 3 before 3.0.50611.0 on Windows and before 3.0.41130.0 on Mac OS X, does not properly handle interfaces and delegations to virtual methods, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka \"Microsoft Silverlight and Microsoft .NET Framework CLR Virtual Method Delegate Vulnerability.\"",
  "id": "GHSA-5f4j-48gx-59pq",
  "modified": "2022-05-14T02:36:47Z",
  "published": "2022-05-14T02:36:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1898"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-060"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12033"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA10-222A.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2010-1898

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2010-1898

Aliases

CVE-2010-1898

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2010-1898",
    "description": "The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP1, 2.0 SP2, 3.5, 3.5 SP1, and 3.5.1, and Microsoft Silverlight 2 and 3 before 3.0.50611.0 on Windows and before 3.0.41130.0 on Mac OS X, does not properly handle interfaces and delegations to virtual methods, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka \"Microsoft Silverlight and Microsoft .NET Framework CLR Virtual Method Delegate Vulnerability.\"",
    "id": "GSD-2010-1898"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2010-1898"
      ],
      "details": "The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP1, 2.0 SP2, 3.5, 3.5 SP1, and 3.5.1, and Microsoft Silverlight 2 and 3 before 3.0.50611.0 on Windows and before 3.0.41130.0 on Mac OS X, does not properly handle interfaces and delegations to virtual methods, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka \"Microsoft Silverlight and Microsoft .NET Framework CLR Virtual Method Delegate Vulnerability.\"",
      "id": "GSD-2010-1898",
      "modified": "2023-12-13T01:21:32.307135Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2010-1898",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP1, 2.0 SP2, 3.5, 3.5 SP1, and 3.5.1, and Microsoft Silverlight 2 and 3 before 3.0.50611.0 on Windows and before 3.0.41130.0 on Mac OS X, does not properly handle interfaces and delegations to virtual methods, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka \"Microsoft Silverlight and Microsoft .NET Framework CLR Virtual Method Delegate Vulnerability.\""
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "TA10-222A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA10-222A.html"
          },
          {
            "name": "MS10-060",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-060"
          },
          {
            "name": "oval:org.mitre.oval:def:12033",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12033"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:2.0:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:3.5:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:silverlight:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.0.40818.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:silverlight:3.0.40723.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:silverlight:3.0.40624.00:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:silverlight:2.0.40115.00:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:silverlight:2.0.31005.00:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:silverlight:3.0.40624.00:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:silverlight:3.0.40723.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:silverlight:3.0.40818.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:silverlight:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.0.50106.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:silverlight:2.0.40115.00:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:silverlight:2.0.31005.00:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2010-1898"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP1, 2.0 SP2, 3.5, 3.5 SP1, and 3.5.1, and Microsoft Silverlight 2 and 3 before 3.0.50611.0 on Windows and before 3.0.41130.0 on Mac OS X, does not properly handle interfaces and delegations to virtual methods, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka \"Microsoft Silverlight and Microsoft .NET Framework CLR Virtual Method Delegate Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-94"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "TA10-222A",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA10-222A.html"
            },
            {
              "name": "oval:org.mitre.oval:def:12033",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12033"
            },
            {
              "name": "MS10-060",
              "refsource": "MS",
              "tags": [],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-060"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": true,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-10-12T21:57Z",
      "publishedDate": "2010-08-11T18:47Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2010-1898 (GCVE-0-2010-1898)

FKIE_CVE-2010-1898

CERTA-2010-AVI-376

Description

Solution

CERTA-2010-AVI-376

Description

Solution

VAR-201008-0131

GHSA-5F4J-48GX-59PQ

GSD-2010-1898

Tags

Sightings

Nomenclature