var-201008-0131
Vulnerability from variot
The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP1, 2.0 SP2, 3.5, 3.5 SP1, and 3.5.1, and Microsoft Silverlight 2 and 3 before 3.0.50611.0 on Windows and before 3.0.41130.0 on Mac OS X, does not properly handle interfaces and delegations to virtual methods, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft Silverlight and Microsoft .NET Framework CLR Virtual Method Delegate Vulnerability.". Microsoft Windows automatically executes code specified in shortcut (LNK and PIF) files. Microsoft Silverlight and Microsoft .NET Framework are prone to a remote code-execution vulnerability. Successful exploits will allow the attacker to execute arbitrary code within the context of the application. Failed exploit attempts will likely result in a denial-of-service condition. Mac OS X is an operating system used on Mac machines, based on the BSD system. ----------------------------------------------------------------------
"From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420."
Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more:
http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf
TITLE: Microsoft Windows Shell Shortcut Parsing Vulnerability
SECUNIA ADVISORY ID: SA40647
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40647/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40647
RELEASE DATE: 2010-07-17
DISCUSS ADVISORY: http://secunia.com/advisories/40647/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/40647/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=40647
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: A vulnerability has been reported in Windows, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to an error in Windows Shell when parsing shortcuts (.lnk) as certain parameters are not properly validated when attempting to load the icon. This can be exploited to automatically execute a program via a specially crafted shortcut.
Successful exploitation requires that a user is e.g. tricked into inserting a removable media (when AutoPlay is enabled) or browse to the root folder of the removable media (when AutoPlay is disabled) using Windows Explorer or a similar file manager. Exploitation may also be possible via network shares and WebDAV shares.
NOTE: This is currently being actively exploited in the wild via infected USB drives.
SOLUTION: The vendor recommends disabling the displaying of icons for shortcuts (please see the Microsoft security advisory for details).
PROVIDED AND/OR DISCOVERED BY: Reported as a 0-day.
ORIGINAL ADVISORY: Microsoft: http://www.microsoft.com/technet/security/advisory/2286198.mspx
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
.
I. Microsoft has released updates to address the vulnerabilities.
One of the bulletins released, MS10-046, addresses a previously identified vulnerability in the Windows Shell that is actively being exploited. This vulnerability was also described in US-CERT Vulnerability Note VU#940193.
II.
III. Solution
Apply updates
Microsoft has provided updates for these vulnerabilities in the Microsoft Security Bulletin Summary for August 2010. The security bulletin describes any known issues related to the updates. Administrators are encouraged to note these issues and test for any potentially adverse effects. Administrators should consider using an automated update distribution system such as Windows Server Update Services (WSUS).
IV. References
-
Microsoft Security Bulletin Summary for August 2010 - http://www.microsoft.com/technet/security/bulletin/ms10-aug.mspx
-
Microsoft Security Bulletin MS10-046 - http://www.microsoft.com/technet/security/bulletin/MS10-046.mspx
-
US-CERT Vulnerability Note VU#940193 - http://www.kb.cert.org/vuls/id/940193
-
Microsoft Windows Server Update Services - http://technet.microsoft.com/en-us/wsus/default.aspx
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA10-222A.html>
Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA10-222A Feedback VU#505527" in the subject.
For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.
Produced 2010 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
Revision History
August 10, 2010: Initial release
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux)
iQEVAwUBTGGh8j6pPKYJORa3AQKsFggAsrzo1PtpJq5GtMwN1fOuAXXPVmbka/U9 5pskj1MKlXDjWzxC47AAaG4fu7EQ/6flgDhzEifg89Xjmh74abZcwhPxbKHM5Y6+ vgrCmSwINZ0wKiWVmpi3mhIQ4rrjd9N2Db82xtHSv4VRDqpZ3HQreNgV06YsnvAP 6up4qCfL2qKzV7tr2/sCEmbMsjhjc7UK1BNGu1YWNxmHL/ypPF5Mjy7w0FFuOAE8 at64g4/unlRWEi42L+yq/54k41wi3X7s8XecpWgHlgtX9I6kyHKu7QijFB7kOiUd ILCTNCoF5xYIJ4Pdwgsj73rtmHotoRR1uLCLLr1Aisgxluqm61CJpQ== =TqKf -----END PGP SIGNATURE----- .
1) An error in the way Silverlight handles pointers can be exploited to corrupt memory by tricking a user into visiting a web site containing specially crafted Silverlight content.
SOLUTION: Apply patches. 2) The vendor credits Eamon Nerbonne
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201008-0131", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": ".net framework", "scope": "eq", "trust": 2.1, "vendor": "microsoft", "version": "2.0" }, { "model": "silverlight", "scope": "eq", "trust": 1.6, "vendor": "microsoft", "version": "3.0.40818.0" }, { "model": "silverlight", "scope": "eq", "trust": 1.6, "vendor": "microsoft", "version": "3.0.40723.0" }, { "model": "silverlight", "scope": "eq", "trust": 1.6, "vendor": "microsoft", "version": "2.0.31005.00" }, { "model": "silverlight", "scope": "eq", "trust": 1.6, "vendor": "microsoft", "version": "2.0.40115.00" }, { "model": "silverlight", "scope": "eq", "trust": 1.6, "vendor": "microsoft", "version": "3.0.40624.00" }, { "model": ".net framework", "scope": "eq", "trust": 1.3, "vendor": "microsoft", "version": "3.5.1" }, { "model": ".net framework", "scope": "eq", "trust": 1.3, "vendor": "microsoft", "version": "3.5" }, { "model": "silverlight", "scope": "lte", "trust": 1.0, "vendor": "microsoft", "version": "3.0.50106.0" }, { "model": "silverlight", "scope": "lte", "trust": 1.0, "vendor": "microsoft", "version": "3.0.40818.0" }, { "model": null, "scope": null, "trust": 0.8, "vendor": "microsoft", "version": null }, { "model": "silverlight", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "2" }, { "model": "silverlight", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "3" }, { "model": "silverlight", "scope": "eq", "trust": 0.6, "vendor": "microsoft", "version": "3.0.50106.0" }, { "model": "silverlight", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "3.0" }, { "model": "silverlight", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2.0" }, { "model": ".net framework sp1", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "3.5" }, { "model": ".net framework sp2", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2.0" }, { "model": ".net framework sp1", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2.0" } ], "sources": [ { "db": "CERT/CC", "id": "VU#940193" }, { "db": "BID", "id": "42295" }, { "db": "JVNDB", "id": "JVNDB-2010-001913" }, { "db": "NVD", "id": "CVE-2010-1898" }, { "db": "CNNVD", "id": "CNNVD-201008-105" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:2.0:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:3.5:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:silverlight:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "3.0.40818.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:silverlight:3.0.40723.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:silverlight:3.0.40624.00:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:silverlight:2.0.40115.00:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:silverlight:2.0.31005.00:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:silverlight:3.0.40624.00:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:silverlight:3.0.40723.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:silverlight:3.0.40818.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:silverlight:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "3.0.50106.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:silverlight:2.0.40115.00:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:silverlight:2.0.31005.00:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2010-1898" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Eamon Nerbonne", "sources": [ { "db": "BID", "id": "42295" } ], "trust": 0.3 }, "cve": "CVE-2010-1898", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 9.3, "confidentialityImpact": "Complete", "exploitabilityScore": null, "id": "CVE-2010-1898", "impactScore": null, "integrityImpact": "Complete", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "VHN-44503", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2010-1898", "trust": 1.8, "value": "HIGH" }, { "author": "CARNEGIE MELLON", "id": "VU#940193", "trust": 0.8, "value": "72.90" }, { "author": "CNNVD", "id": "CNNVD-201008-105", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-44503", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "CERT/CC", "id": "VU#940193" }, { "db": "VULHUB", "id": "VHN-44503" }, { "db": "JVNDB", "id": "JVNDB-2010-001913" }, { "db": "NVD", "id": "CVE-2010-1898" }, { "db": "CNNVD", "id": "CNNVD-201008-105" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP1, 2.0 SP2, 3.5, 3.5 SP1, and 3.5.1, and Microsoft Silverlight 2 and 3 before 3.0.50611.0 on Windows and before 3.0.41130.0 on Mac OS X, does not properly handle interfaces and delegations to virtual methods, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka \"Microsoft Silverlight and Microsoft .NET Framework CLR Virtual Method Delegate Vulnerability.\". Microsoft Windows automatically executes code specified in shortcut (LNK and PIF) files. Microsoft Silverlight and Microsoft .NET Framework are prone to a remote code-execution vulnerability. \nSuccessful exploits will allow the attacker to execute arbitrary code within the context of the application. Failed exploit attempts will likely result in a denial-of-service condition. Mac OS X is an operating system used on Mac machines, based on the BSD system. ----------------------------------------------------------------------\n\n\n\"From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420.\"\n\nNon-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more:\n\nhttp://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf\n\n\n----------------------------------------------------------------------\n\nTITLE:\nMicrosoft Windows Shell Shortcut Parsing Vulnerability\n\nSECUNIA ADVISORY ID:\nSA40647\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/40647/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=40647\n\nRELEASE DATE:\n2010-07-17\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/40647/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/40647/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=40647\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in Windows, which can be exploited\nby malicious people to compromise a user\u0027s system. \n\nThe vulnerability is caused due to an error in Windows Shell when\nparsing shortcuts (.lnk) as certain parameters are not properly\nvalidated when attempting to load the icon. This can be exploited to\nautomatically execute a program via a specially crafted shortcut. \n\nSuccessful exploitation requires that a user is e.g. tricked into\ninserting a removable media (when AutoPlay is enabled) or browse to\nthe root folder of the removable media (when AutoPlay is disabled)\nusing Windows Explorer or a similar file manager. Exploitation may\nalso be possible via network shares and WebDAV shares. \n\nNOTE: This is currently being actively exploited in the wild via\ninfected USB drives. \n\nSOLUTION:\nThe vendor recommends disabling the displaying of icons for shortcuts\n(please see the Microsoft security advisory for details). \n\nPROVIDED AND/OR DISCOVERED BY:\nReported as a 0-day. \n\nORIGINAL ADVISORY:\nMicrosoft:\nhttp://www.microsoft.com/technet/security/advisory/2286198.mspx\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. \n\n\nI. Microsoft has released updates to address the\n vulnerabilities. \n\n One of the bulletins released, MS10-046, addresses a previously\n identified vulnerability in the Windows Shell that is actively\n being exploited. This vulnerability was also described in US-CERT\n Vulnerability Note VU#940193. \n\n\nII. \n\n\nIII. Solution\n\n Apply updates\n\n Microsoft has provided updates for these vulnerabilities in the\n Microsoft Security Bulletin Summary for August 2010. The security\n bulletin describes any known issues related to the updates. \n Administrators are encouraged to note these issues and test for any\n potentially adverse effects. Administrators should consider using\n an automated update distribution system such as Windows Server\n Update Services (WSUS). \n\n\nIV. References\n\n * Microsoft Security Bulletin Summary for August 2010 -\n \u003chttp://www.microsoft.com/technet/security/bulletin/ms10-aug.mspx\u003e\n\n * Microsoft Security Bulletin MS10-046 -\n \u003chttp://www.microsoft.com/technet/security/bulletin/MS10-046.mspx\u003e\n\n * US-CERT Vulnerability Note VU#940193 -\n \u003chttp://www.kb.cert.org/vuls/id/940193\u003e\n\n * Microsoft Windows Server Update Services -\n \u003chttp://technet.microsoft.com/en-us/wsus/default.aspx\u003e\n\n ____________________________________________________________________\n\n The most recent version of this document can be found at:\n\n \u003chttp://www.us-cert.gov/cas/techalerts/TA10-222A.html\u003e\n ____________________________________________________________________\n\n Feedback can be directed to US-CERT Technical Staff. Please send\n email to \u003ccert@cert.org\u003e with \"TA10-222A Feedback VU#505527\" in\n the subject. \n ____________________________________________________________________\n\n For instructions on subscribing to or unsubscribing from this\n mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n Produced 2010 by US-CERT, a government organization. \n\n Terms of use:\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\nRevision History\n\n August 10, 2010: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (GNU/Linux)\n\niQEVAwUBTGGh8j6pPKYJORa3AQKsFggAsrzo1PtpJq5GtMwN1fOuAXXPVmbka/U9\n5pskj1MKlXDjWzxC47AAaG4fu7EQ/6flgDhzEifg89Xjmh74abZcwhPxbKHM5Y6+\nvgrCmSwINZ0wKiWVmpi3mhIQ4rrjd9N2Db82xtHSv4VRDqpZ3HQreNgV06YsnvAP\n6up4qCfL2qKzV7tr2/sCEmbMsjhjc7UK1BNGu1YWNxmHL/ypPF5Mjy7w0FFuOAE8\nat64g4/unlRWEi42L+yq/54k41wi3X7s8XecpWgHlgtX9I6kyHKu7QijFB7kOiUd\nILCTNCoF5xYIJ4Pdwgsj73rtmHotoRR1uLCLLr1Aisgxluqm61CJpQ==\n=TqKf\n-----END PGP SIGNATURE-----\n. \n\n1) An error in the way Silverlight handles pointers can be exploited\nto corrupt memory by tricking a user into visiting a web site\ncontaining specially crafted Silverlight content. \n\nSOLUTION:\nApply patches. \n2) The vendor credits Eamon Nerbonne", "sources": [ { "db": "NVD", "id": "CVE-2010-1898" }, { "db": "CERT/CC", "id": "VU#940193" }, { "db": "JVNDB", "id": "JVNDB-2010-001913" }, { "db": "BID", "id": "42295" }, { "db": "VULHUB", "id": "VHN-44503" }, { "db": "PACKETSTORM", "id": "91929" }, { "db": "PACKETSTORM", "id": "92657" }, { "db": "PACKETSTORM", "id": "92586" } ], "trust": 2.97 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2010-1898", "trust": 2.8 }, { "db": "USCERT", "id": "TA10-222A", "trust": 2.0 }, { "db": "BID", "id": "42295", "trust": 1.2 }, { "db": "NSFOCUS", "id": "15600", "trust": 1.2 }, { "db": "SECUNIA", "id": "40647", "trust": 0.9 }, { "db": "CERT/CC", "id": "VU#940193", "trust": 0.9 }, { "db": "SECUNIA", "id": "40872", "trust": 0.9 }, { "db": "BID", "id": "41732", "trust": 0.8 }, { "db": "USCERT", "id": "SA10-222A", "trust": 0.8 }, { "db": "VUPEN", "id": "ADV-2010-2057", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2010-001913", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201008-105", "trust": 0.7 }, { "db": "MS", "id": "MS10-060", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-44503", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "91929", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "92657", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "92586", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#940193" }, { "db": "VULHUB", "id": "VHN-44503" }, { "db": "BID", "id": "42295" }, { "db": "JVNDB", "id": "JVNDB-2010-001913" }, { "db": "PACKETSTORM", "id": "91929" }, { "db": "PACKETSTORM", "id": "92657" }, { "db": "PACKETSTORM", "id": "92586" }, { "db": "NVD", "id": "CVE-2010-1898" }, { "db": "CNNVD", "id": "CNNVD-201008-105" } ] }, "id": "VAR-201008-0131", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-44503" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T10:49:17.820000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "MS10-060", "trust": 0.8, "url": "http://www.microsoft.com/technet/security/bulletin/ms10-060.mspx" }, { "title": "MS10-060", "trust": 0.8, "url": "http://www.microsoft.com/japan/technet/security/bulletin/ms10-060.mspx" }, { "title": "MS10-060e", "trust": 0.8, "url": "http://www.microsoft.com/japan/security/bulletins/ms10-060e.mspx" }, { "title": "TA10-222A", "trust": 0.8, "url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta10-222a.html" }, { "title": "Security Update for Microsoft .NET Framework 3.5 on Windows Server 2003 and Windows XP", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39800" }, { "title": "Security Update for Microsoft .NET Framework 3.5 on Windows Server 2003 and Windows XP", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39804" }, { "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 2.0 Service Pack 2 on Windows Server 2003 and Windows XP", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39808" }, { "title": "Security Update for Microsoft .NET Framework 3.5 on Windows Server 2003 and Windows XP", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39812" }, { "title": "Security Update for Microsoft .NET Framework 3.5 on Windows Server 2003 and Windows XP", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39816" }, { "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 2.0 Service Pack 2 on Windows Server 2003 and Windows XP", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39820" }, { "title": "Security Update for Microsoft .NET Framework 3.5, Windows Vista Service Pack 1 and Windows Server 2008", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39824" }, { "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39828" }, { "title": "Security Update for Microsoft .NET Framework 3.5, Windows Vista Service Pack 1 and Windows Server 2008", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39832" }, { "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1 on Windows Vista Service Pack 1 and Windows Server 2008", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39836" }, { "title": "Security Update for Microsoft .NET Framework 3.5, Windows Vista Service Pack 1 and Windows Server 2008", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39840" }, { "title": "Security Update for Microsoft .NET Framework 3.5 on Windows Server 2003 and Windows XP", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39792" }, { "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 2.0 Service Pack 2 on Windows Server 2003 and Windows XP", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39796" }, { "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1 on Windows Vista Service Pack 1 and Windows Server 2008", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39845" }, { "title": "Security Update for Microsoft .NET Framework 3.5, Windows Vista Service Pack 1 and Windows Server 2008", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39849" }, { "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1 on Windows Vista Service Pack 1 and Windows Server 2008", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39853" }, { "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39857" }, { "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1 on Windows Vista Service Pack 1 and Windows Server 2008", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39861" }, { "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39865" }, { "title": "Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39869" }, { "title": "Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39873" }, { "title": "Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39877" }, { "title": "Security Update for Microsoft .NET Framework 3.5 on Windows Server 2003 and Windows XP", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39799" }, { "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 2.0 Service Pack 2 on Windows Server 2003 and Windows XP", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39803" }, { "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 2.0 Service Pack 2 on Windows Server 2003 and Windows XP", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39807" }, { "title": "Security Update for Microsoft .NET Framework 3.5 on Windows Server 2003 and Windows XP", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39811" }, { "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 2.0 Service Pack 2 on Windows Server 2003 and Windows XP", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39815" }, { "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 2.0 Service Pack 2 on Windows Server 2003 and Windows XP", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39819" }, { "title": "Security Update for Microsoft .NET Framework 3.5, Windows Vista Service Pack 1 and Windows Server 2008", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39823" }, { "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1 on Windows Vista Service Pack 1 and Windows Server 2008", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39827" }, { "title": "Security Update for Microsoft .NET Framework 3.5, Windows Vista Service Pack 1 and Windows Server 2008", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39831" }, { "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1 on Windows Vista Service Pack 1 and Windows Server 2008", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39835" }, { "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39839" }, { "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 2.0 Service Pack 2 on Windows Server 2003 and Windows XP", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39795" }, { "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1 on Windows Vista Service Pack 1 and Windows Server 2008", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39844" }, { "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39848" }, { "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1 on Windows Vista Service Pack 1 and Windows Server 2008", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39852" }, { "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39856" }, { "title": "Security Update for Microsoft .NET Framework 3.5, Windows Vista Service Pack 1 and Windows Server 2008", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39860" }, { "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39864" }, { "title": "Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39868" }, { "title": "Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39872" }, { "title": "Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39876" }, { "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 2.0 Service Pack 2 on Windows Server 2003 and Windows XP", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39802" }, { "title": "Security Update for Microsoft .NET Framework 3.5 on Windows Server 2003 and Windows XP", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39806" }, { "title": "Security Update for Microsoft .NET Framework 3.5 on Windows Server 2003 and Windows XP", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39810" }, { "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 2.0 Service Pack 2 on Windows Server 2003 and Windows XP", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39814" }, { "title": "Security Update for Microsoft .NET Framework 3.5 on Windows Server 2003 and Windows XP", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39818" }, { "title": "Security Update for Microsoft .NET Framework 3.5, Windows Vista Service Pack 1 and Windows Server 2008", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39822" }, { "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1 on Windows Vista Service Pack 1 and Windows Server 2008", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39826" }, { "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39830" }, { "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1 on Windows Vista Service Pack 1 and Windows Server 2008", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39834" }, { "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39838" }, { "title": "Security Update for Microsoft .NET Framework 3.5, Windows Vista Service Pack 1 and Windows Server 2008", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39842" }, { "title": "Security Update for Microsoft .NET Framework 3.5 on Windows Server 2003 and Windows XP", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39794" }, { "title": "Security Update for Microsoft .NET Framework 3.5 on Windows Server 2003 and Windows XP", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39798" }, { "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1 on Windows Vista Service Pack 1 and Windows Server 2008", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39843" }, { "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39847" }, { "title": "Security Update for Microsoft .NET Framework 3.5, Windows Vista Service Pack 1 and Windows Server 2008", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39851" }, { "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39855" }, { "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39846" }, { "title": "Security Update for Microsoft .NET Framework 3.5, Windows Vista Service Pack 1 and Windows Server 2008", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39850" }, { "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1 on Windows Vista Service Pack 1 and Windows Server 2008", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39854" }, { "title": "Security Update for Microsoft .NET Framework 3.5, Windows Vista Service Pack 1 and Windows Server 2008", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39858" }, { "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1 on Windows Vista Service Pack 1 and Windows Server 2008", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39862" }, { "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39866" }, { "title": "Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39870" }, { "title": "Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39874" }, { "title": "Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39878" }, { "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39829" }, { "title": "Security Update for Microsoft .NET Framework 3.5, Windows Vista Service Pack 1 and Windows Server 2008", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39833" }, { "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39837" }, { "title": "Security Update for Microsoft .NET Framework 3.5, Windows Vista Service Pack 1 and Windows Server 2008", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39841" }, { "title": "Security Update for Microsoft .NET Framework 3.5 on Windows Server 2003 and Windows XP", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39793" }, { "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 2.0 Service Pack 2 on Windows Server 2003 and Windows XP", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39797" }, { "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 2.0 Service Pack 2 on Windows Server 2003 and Windows XP", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39801" }, { "title": "Security Update for Microsoft .NET Framework 3.5 on Windows Server 2003 and Windows XP", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39805" }, { "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 2.0 Service Pack 2 on Windows Server 2003 and Windows XP", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39809" }, { "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 2.0 Service Pack 2 on Windows Server 2003 and Windows XP", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39813" }, { "title": "Security Update for Microsoft .NET Framework 3.5 on Windows Server 2003 and Windows XP", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39817" }, { "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 2.0 Service Pack 2 on Windows Server 2003 and Windows XP", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39821" }, { "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1 on Windows Vista Service Pack 1 and Windows Server 2008", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39825" }, { "title": "Security Update for Microsoft Silverlight (KB978464)", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39891" }, { "title": "Security Update for Microsoft Silverlight (KB978464)", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39883" }, { "title": "Security Update for Microsoft Silverlight (KB978464)", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39887" }, { "title": "Security Update for Microsoft Silverlight (KB978464)", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39882" }, { "title": "Security Update for Microsoft Silverlight (KB978464)", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39886" }, { "title": "Security Update for Microsoft Silverlight (KB978464)", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39890" }, { "title": "Security Update for Microsoft Silverlight (KB978464)", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39893" }, { "title": "Security Update for Microsoft Silverlight (KB978464)", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39885" }, { "title": "Security Update for Microsoft Silverlight (KB978464)", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39889" }, { "title": "Security Update for Microsoft Silverlight (KB978464)", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39892" }, { "title": "Security Update for Microsoft Silverlight (KB978464)", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39884" }, { "title": "Security Update for Microsoft Silverlight (KB978464)", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39888" }, { "title": "Silverlight 4 (4.0.50524.0)", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39879" }, { "title": "Silverlight 4 (4.0.50524.0)", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39881" }, { "title": "Silverlight 4 (4.0.50524.0)", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39880" }, { "title": "Security Update for Microsoft .NET Framework 3.5, Windows Vista Service Pack 1 and Windows Server 2008", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39859" }, { "title": "Security Update for Microsoft .NET Framework 3.5 Service Pack 1 on Windows Vista Service Pack 1 and Windows Server 2008", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39863" }, { "title": "Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39867" }, { "title": "Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39871" }, { "title": "Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39875" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2010-001913" }, { "db": "CNNVD", "id": "CNNVD-201008-105" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-94", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-44503" }, { "db": "JVNDB", "id": "JVNDB-2010-001913" }, { "db": "NVD", "id": "CVE-2010-1898" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.9, "url": "http://www.us-cert.gov/cas/techalerts/ta10-222a.html" }, { "trust": 1.7, "url": "http://www.microsoft.com/technet/security/advisory/2286198.mspx" }, { "trust": 1.1, "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-060" }, { "trust": 1.1, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a12033" }, { "trust": 1.0, "url": "http://www.microsoft.com/technet/security/bulletin/ms10-060.mspx" }, { "trust": 0.9, "url": "http://secunia.com/advisories/40647/" }, { "trust": 0.8, "url": "http://www.microsoft.com/technet/security/bulletin/ms10-046.mspx" }, { "trust": 0.8, "url": "http://support.microsoft.com/kb/2286198" }, { "trust": 0.8, "url": "http://isc.sans.edu/diary.html?storyid=9190" }, { "trust": 0.8, "url": "http://www.securityfocus.com/bid/41732" }, { "trust": 0.8, "url": "http://support.microsoft.com/kb/967715" }, { "trust": 0.8, "url": "http://www.anti-virus.by/en/tempo.shtml" }, { "trust": 0.8, "url": "http://krebsonsecurity.com/2010/07/experts-warn-of-new-windows-shortcut-flaw/" }, { "trust": 0.8, "url": "http://www.f-secure.com/weblog/archives/new_rootkit_en.pdf" }, { "trust": 0.8, "url": "http://www.f-secure.com/weblog/archives/00001986.html" }, { "trust": 0.8, "url": "http://www.f-secure.com/weblog/archives/00001987.html" }, { "trust": 0.8, "url": "http://support.automation.siemens.com/ww/view/en/43876783" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1898" }, { "trust": 0.8, "url": "http://www.jpcert.or.jp/at/2010/at100020.txt" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnta10-222a" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-1898" }, { "trust": 0.8, "url": "http://secunia.com/advisories/40872" }, { "trust": 0.8, "url": "http://www.securityfocus.com/bid/42295" }, { "trust": 0.8, "url": "http://www.us-cert.gov/cas/alerts/sa10-222a.html" }, { "trust": 0.8, "url": "http://www.vupen.com/english/advisories/2010/2057" }, { "trust": 0.8, "url": "http://www.npa.go.jp/cyberpolice/#topics" }, { "trust": 0.6, "url": "http://www.nipc.org.cn/showvul.aspx?id=nipc-2010-2992" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/15600" }, { "trust": 0.3, "url": "http://www.microsoft.com" }, { "trust": 0.2, "url": "http://secunia.com/products/corporate/evm/" }, { "trust": 0.2, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.2, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.2, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.2, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.2, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/40647/#comments" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=40647" }, { "trust": 0.1, "url": "http://secunia.com/gfx/pdf/secunia_half_year_report_2010.pdf" }, { "trust": 0.1, "url": "http://www.microsoft.com/technet/security/bulletin/ms10-046.mspx\u003e" }, { "trust": 0.1, "url": "http://www.us-cert.gov/cas/techalerts/ta10-222a.html\u003e" }, { "trust": 0.1, "url": "http://www.us-cert.gov/legal.html\u003e" }, { "trust": 0.1, "url": "http://www.kb.cert.org/vuls/id/940193\u003e" }, { "trust": 0.1, "url": "http://www.us-cert.gov/cas/signup.html\u003e." }, { "trust": 0.1, "url": "http://www.microsoft.com/technet/security/bulletin/ms10-aug.mspx\u003e" }, { "trust": 0.1, "url": "http://technet.microsoft.com/en-us/wsus/default.aspx\u003e" }, { "trust": 0.1, "url": "http://twitter.com/secunia" }, { "trust": 0.1, "url": "http://secunia.com/advisories/40872/#comments" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=40872" }, { "trust": 0.1, "url": "http://secunia.com/advisories/40872/" } ], "sources": [ { "db": "CERT/CC", "id": "VU#940193" }, { "db": "VULHUB", "id": "VHN-44503" }, { "db": "BID", "id": "42295" }, { "db": "JVNDB", "id": "JVNDB-2010-001913" }, { "db": "PACKETSTORM", "id": "91929" }, { "db": "PACKETSTORM", "id": "92657" }, { "db": "PACKETSTORM", "id": "92586" }, { "db": "NVD", "id": "CVE-2010-1898" }, { "db": "CNNVD", "id": "CNNVD-201008-105" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#940193" }, { "db": "VULHUB", "id": "VHN-44503" }, { "db": "BID", "id": "42295" }, { "db": "JVNDB", "id": "JVNDB-2010-001913" }, { "db": "PACKETSTORM", "id": "91929" }, { "db": "PACKETSTORM", "id": "92657" }, { "db": "PACKETSTORM", "id": "92586" }, { "db": "NVD", "id": "CVE-2010-1898" }, { "db": "CNNVD", "id": "CNNVD-201008-105" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2010-07-15T00:00:00", "db": "CERT/CC", "id": "VU#940193" }, { "date": "2010-08-11T00:00:00", "db": "VULHUB", "id": "VHN-44503" }, { "date": "2010-08-10T00:00:00", "db": "BID", "id": "42295" }, { "date": "2010-09-01T00:00:00", "db": "JVNDB", "id": "JVNDB-2010-001913" }, { "date": "2010-07-18T11:49:03", "db": "PACKETSTORM", "id": "91929" }, { "date": "2010-08-12T06:55:56", "db": "PACKETSTORM", "id": "92657" }, { "date": "2010-08-10T09:26:56", "db": "PACKETSTORM", "id": "92586" }, { "date": "2010-08-11T18:47:50.250000", "db": "NVD", "id": "CVE-2010-1898" }, { "date": "2010-08-16T00:00:00", "db": "CNNVD", "id": "CNNVD-201008-105" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2010-09-09T00:00:00", "db": "CERT/CC", "id": "VU#940193" }, { "date": "2018-10-12T00:00:00", "db": "VULHUB", "id": "VHN-44503" }, { "date": "2010-09-29T21:10:00", "db": "BID", "id": "42295" }, { "date": "2010-09-01T00:00:00", "db": "JVNDB", "id": "JVNDB-2010-001913" }, { "date": "2018-10-12T21:57:47.077000", "db": "NVD", "id": "CVE-2010-1898" }, { "date": "2021-07-13T00:00:00", "db": "CNNVD", "id": "CNNVD-201008-105" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201008-105" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Microsoft Windows automatically executes code specified in shortcut files", "sources": [ { "db": "CERT/CC", "id": "VU#940193" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "code injection", "sources": [ { "db": "CNNVD", "id": "CNNVD-201008-105" } ], "trust": 0.6 } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.