Support

The Stonesoft Technical Services Team is committed to providing high-quality, results-driven service to customers and partners, world-wide.

Microsoft Vulnerabilities and Situations for 2010 in sgpkg-ips-578-5211

Vulnerabilities


MS10-105 Microsoft-Office-Cgm-Image-Converter-Buffer-Overflow

About this vulnerability: A vulnerability in Microsoft Office
Risk: Moderate
First detected in: sgpkg-ips-435-4219
Last changed: sgpkg-ips-518-5211
Platform: Generic
Software: Microsoft Office
Type: Buffer Overflow
Description: A buffer overflow vulnerability exists in Microsoft Office. The vulnerability is due to the way Office allocates a buffer size when handling CGM image files. An attacker can leverage this vulnerability by enticing a target user to open a malicious file. Successful exploitation would allow an attacker to execute arbitrary code in the security context of the logged in user. An unsuccessful attack could cause an abnormal termination of the affected product.
SituationFile-Binary_Microsoft-Office-Cgm-Image-Converter-Buffer-Overflow
Comment: An attempt to exploit a vulnerability in Microsoft Office detected
Description: A buffer overflow vulnerability exists in Microsoft Office. The vulnerability is due to the way Office allocates a buffer size when handling CGM image files. An attacker can leverage this vulnerability by enticing a target user to open a malicious file. Successful exploitation would allow an attacker to execute arbitrary code in the security context of the logged in user. An unsuccessful attack could cause an abnormal termination of the affected product.
References:
CVE-2010-3945
MS10-105
Back to top

MS10-105 Microsoft-Office-FlashPix-Converter-Buffer-Overflow-CVE-2010-3951

About this vulnerability: A vulnerability in Microsoft Office
Risk: High
First detected in: sgpkg-ips-363-4219
Last changed: sgpkg-ips-518-5211
Platform: Windows
Software: Microsoft Office XP
Type: Malfunction
Description: There is a vulnerability in Microsoft Office.
SituationHTTP_SS-Microsoft-Office-FlashPix-Converter-Buffer-Overflow-CVE-2010-3951
Comment: Detected attempt to exploit a vulnerability in Microsoft Office
Description: An attempt to exploit a vulnerability in Microsoft Office was detected.
SituationFile-OLE_Microsoft-Office-FlashPix-Converter-Buffer-Overflow-CVE-2010-3951
Comment: Detected attempt to exploit a vulnerability in Microsoft Office
Description: An attempt to exploit a vulnerability in Microsoft Office was detected.
References:
CVE-2010-3951
MS10-105
Back to top

MS10-105 Microsoft-Office-Pict-Image-Converter-Integer-Overflow

About this vulnerability: A vulnerability in Microsoft Office
Risk: Moderate
First detected in: sgpkg-ips-384-4219
Last changed: sgpkg-ips-518-5211
Platform: Windows
Software: Microsoft Office XP; Microsoft Office 2003; Microsoft Office Converter Pack
Type: Integer Overflow
Description: A buffer overflow vulnerability exists in Microsoft Office. The vulnerability is due to the way Office allocates a buffer size when handling PICT image files. An attacker can leverage this vulnerability by enticing a target user to open a malicious file. Successful exploitation would allow an attacker to execute arbitrary code in the security context of the logged in user. An unsuccessful attack could cause an abnormal termination of the affected product.
SituationHTTP_SS-Microsoft-Office-Pict-Image-Converter-Integer-Overflow
Comment: An attempt to exploit a vulnerability in Microsoft Office detected
Description: A buffer overflow vulnerability exists in Microsoft Office. The vulnerability is due to the way Office allocates a buffer size when handling PICT image files. An attacker can leverage this vulnerability by enticing a target user to open a malicious file. Successful exploitation would allow an attacker to execute arbitrary code in the security context of the logged in user. An unsuccessful attack could cause an abnormal termination of the affected product.
SituationFile-Binary_Microsoft-Office-Pict-Image-Converter-Integer-Overflow
Comment: An attempt to exploit a vulnerability in Microsoft Office detected
Description: A buffer overflow vulnerability exists in Microsoft Office. The vulnerability is due to the way Office allocates a buffer size when handling PICT image files. An attacker can leverage this vulnerability by enticing a target user to open a malicious file. Successful exploitation would allow an attacker to execute arbitrary code in the security context of the logged in user. An unsuccessful attack could cause an abnormal termination of the affected product.
References:
CVE-2010-3946
BID-45273
MS10-105
Back to top

MS10-105 Microsoft-Office-TIFF-Converter-Heap-Overflow-CVE-2010-3947

About this vulnerability: A vulnerability in Microsoft Office
Risk: High
First detected in: sgpkg-ips-363-4219
Last changed: sgpkg-ips-518-5211
Platform: Windows
Software: Microsoft Office XP; Microsoft Office 2003; Microsoft Office 2007; Microsoft Office 2010
Type: Malfunction
Description: There is a vulnerability in Microsoft Office.
SituationHTTP_SS-Microsoft-Office-TIFF-Converter-Heap-Overflow-CVE-2010-3947
Comment: Detected attempt to exploit a vulnerability in Microsoft Office
Description: An attempt to exploit a vulnerability in Microsoft Office was detected.
SituationFile-Binary_Microsoft-Office-TIFF-Converter-Heap-Overflow-CVE-2010-3947
Comment: Detected attempt to exploit a vulnerability in Microsoft Office
Description: An attempt to exploit a vulnerability in Microsoft Office was detected.
References:
CVE-2010-3947
MS10-105
Back to top

MS10-104 Microsoft-Sharepoint-Malformed-Request-Code-Execution-CVE-2010-3964

About this vulnerability: A vulnerability in Microsoft Sharepoint
Risk: High
First detected in: sgpkg-ips-363-4219
Last changed: sgpkg-ips-545-5211
Platform: Windows
Software: Microsoft Sharepoint
Type: Malfunction
Description: There is a vulnerability in Microsoft Sharepoint.
SituationGeneric_CS-Microsoft-Sharepoint-Malformed-Request-Code-Execution-CVE-2010-3964
Comment: Detected attempt to exploit a vulnerability in Microsoft Sharepoint
Description: An attempt to exploit a vulnerability in Microsoft Sharepoint was detected.
SituationHTTP_CS-Microsoft-Sharepoint-Malformed-Request-Code-Execution-CVE-2010-3964
Comment: Detected attempt to exploit a vulnerability in Microsoft Sharepoint
Description: An attempt to exploit a vulnerability in Microsoft Sharepoint was detected.
References:
CVE-2010-3964
BID-45264
OSVDB-69817
MS10-104
Back to top

MS10-103 Microsoft-Publisher-Array-Indexing-Memory-Corruption-CVE-2010-3955

About this vulnerability: A vulnerability in Microsoft Publisher
Risk: High
First detected in: sgpkg-ips-364-4219
Last changed: sgpkg-ips-518-5211
Platform: Windows
Software: Microsoft Publisher 2002
Type: Malfunction
Description: There is a vulnerability in Microsoft Publisher.
SituationHTTP_SS-Microsoft-Publisher-Array-Indexing-Memory-Corruption-CVE-2010-3955
Comment: Detected attempt to exploit a vulnerability in Microsoft Publisher
Description: An attempt to exploit a vulnerability in Microsoft Publisher was detected.
SituationFile-OLE_Microsoft-Publisher-Array-Indexing-Memory-Corruption-CVE-2010-3955
Comment: Detected attempt to exploit a vulnerability in Microsoft Publisher
Description: An attempt to exploit a vulnerability in Microsoft Publisher was detected.
References:
CVE-2010-3955
MS10-103
Back to top

MS10-103 Microsoft-Publisher-Size-Value-Heap-Corruption-CVE-2010-2569

About this vulnerability: A vulnerability in Microsoft Publisher
Risk: High
First detected in: sgpkg-ips-363-4219
Last changed: sgpkg-ips-518-5211
Platform: Windows
Software: Microsoft Publisher 2002; Microsoft Publisher 2007
Type: Malfunction
Description: There is a vulnerability in Microsoft Publisher.
SituationHTTP_SS-Microsoft-Publisher-Size-Value-Heap-Corruption-CVE-2010-2569
Comment: Detected attempt to exploit a vulnerability in Microsoft Publisher
Description: An attempt to exploit a vulnerability in Microsoft Publisher was detected.
SituationFile-OLE_Microsoft-Publisher-Size-Value-Heap-Corruption-CVE-2010-2569
Comment: Detected attempt to exploit a vulnerability in Microsoft Publisher
Description: An attempt to exploit a vulnerability in Microsoft Publisher was detected.
References:
CVE-2010-2569
MS10-103
Back to top

MS10-101 Microsoft-Netlogon-RPC-Null-Deference-Denial-Of-Service-CVE-2010-2742

About this vulnerability: A vulnerability in Microsoft Netlogon RPC service
Risk: Moderate
First detected in: sgpkg-ips-362-4219
Last changed: sgpkg-ips-518-5211
Platform: Windows
Software: <os>
Type: Malfunction
Description: There is a vulnerability in Microsoft Netlogon service.
SituationMSRPC-TCP_CPS-Microsoft-Netlogon-RPC-Null-Deference-Denial-Of-Service
Comment: An attempt to exploit a vulnerability in Microsoft Windows Netlogon service
Description: A vulnerability in Microsoft Netlogon service, CVE-2010-2742
References:
CVE-2010-2742
MS10-101
Back to top

MS10-097 Microsoft-Internet-Connection-Wizard-Insecure-Loading-CVE-2010-3144

About this vulnerability: A vulnerability in Microsoft Windows
Risk: High
First detected in: sgpkg-ips-362-4219
Last changed: sgpkg-ips-545-5211
Platform: Windows XP; Windows 2003
Software: <os>
Type: Malfunction
Description: There is a vulnerability in Microsoft Windows.
SituationHTTP_CSU-Microsoft-Internet-Connection-Wizard-Insecure-Loading-CVE-2010-3144
Comment: Detected attempt to exploit a vulnerability in Microsoft Windows
Description: An attempt to exploit a vulnerability in Microsoft Windows was detected.
References:
CVE-2010-3144
MS10-097
Back to top

MS10-096 Microsoft-Windows-Address-Book-Insecure-Library-Loading-CVE-2010-3147

About this vulnerability: A vulnerability in Microsoft Windows
Risk: High
First detected in: sgpkg-ips-362-4219
Last changed: sgpkg-ips-545-5211
Platform: Windows 7; Windows 2008; Windows Vista; Windows 2008
Software: <os>
Type: Malfunction
Description: There is a vulnerability in Microsoft Windows.
SituationHTTP_CSU-Microsoft-Windows-Address-Book-Insecure-Library-Loading-CVE-2010-3147
Comment: Detected attempt to exploit a vulnerability in Microsoft Windows
Description: An attempt to exploit a vulnerability in Microsoft Windows was detected.
References:
CVE-2010-3147
MS10-096
Back to top

MS10-095 Microsoft-Windows-BranchCache-Insecure-Library-Loading-CVE-2010-3966

About this vulnerability: A vulnerability in Microsoft Windows
Risk: High
First detected in: sgpkg-ips-362-4219
Last changed: sgpkg-ips-545-5211
Platform: Windows 7; Windows 2008
Software: <os>
Type: Malfunction
Description: There is a vulnerability in Microsoft Windows.
SituationHTTP_CSU-Microsoft-Windows-BranchCache-Insecure-Library-Loading-CVE-2010-3966
Comment: Detected attempt to exploit a vulnerability in Microsoft Windows
Description: An attempt to exploit a vulnerability in Microsoft Windows was detected.
References:
CVE-2010-3966
BID-45295
OSVDB-69816
MS10-095
Back to top

MS10-094 Microsoft-Windows-Media-Encoder-Insecure-Library-Loading-CVE-2010-3965

About this vulnerability: A vulnerability in Microsoft Windows Media Encoder
Risk: High
First detected in: sgpkg-ips-362-4219
Last changed: sgpkg-ips-545-5211
Platform: Windows Vista; Windows XP; Windows 2008
Software: Microsoft Windows Media Encoder
Type: Malfunction
Description: There is a vulnerability in Microsoft Windows Media Encoder.
SituationHTTP_CSU-Microsoft-Windows-Media-Encoder-Insecure-Library-Loading-CVE-2010-3965
Comment: Detected attempt to exploit a vulnerability in Microsoft Windows Media Encoder
Description: An attempt to exploit a vulnerability in Microsoft Windows Media Encoder was detected.
References:
CVE-2010-3965
BID-42855
MS10-094
Back to top

MS10-093 Microsoft-Windows-Movie-Maker-Insecure-Library-Loading-CVE-2010-3967

About this vulnerability: A vulnerability in Microsoft Movie Maker
Risk: High
First detected in: sgpkg-ips-362-4219
Last changed: sgpkg-ips-545-5211
Platform: Windows Vista
Software: Microsoft Windows Movie Maker
Type: Malfunction
Description: There is a vulnerability in Microsoft Movie Maker.
SituationHTTP_CSU-Microsoft-Windows-Movie-Maker-Insecure-Library-Loading-CVE-2010-3967
Comment: Detected attempt to exploit a vulnerability in Microsoft Windows Movie Maker
Description: An attempt to exploit a vulnerability in Microsoft Windows Movie Maker was detected.
References:
CVE-2010-3067
MS10-093
Back to top

MS10-091 Microsoft-OpenType-Font-Handling-Memory-Corruption

About this vulnerability: A vulnerability in Microsoft Windows
Risk: Moderate
First detected in: sgpkg-ips-436-4219
Last changed: sgpkg-ips-518-5211
Platform: Windows
Software: <os>
Type: Malfunction
Description: A code execution vulnerability has been reported in Microsoft OpenType. The vulnerability is due to the way specially crafted OpenType fonts are parsed by the OpenType font driver which can lead to a double free memory error. A remote, unauthenticated attacker can exploit this vulnerability to execute arbitrary code with kernel permissions.
SituationFile-Binary_Microsoft-OpenType-Font-Handling-Memory-Corruption
Comment: An attempt to exploit a vulnerability in Microsoft Windows detected
Description: A code execution vulnerability has been reported in Microsoft OpenType. The vulnerability is due to the way specially crafted OpenType fonts are parsed by the OpenType font driver which can lead to a double free memory error. A remote, unauthenticated attacker can exploit this vulnerability to execute arbitrary code with kernel permissions.
References:
CVE-2010-3957
BID-45315
MS10-091
Back to top

MS10-091 Microsoft-OpenType-Font-Index-Remote-Code-Execution

About this vulnerability: A vulnerability in Microsoft Windows
Risk: Moderate
First detected in: sgpkg-ips-436-4219
Last changed: sgpkg-ips-518-5211
Platform: Windows
Software: <os>
Type: Malfunction
Description: There is a code execution vulnerability in Microsoft Windows OpenType format driver. The vulnerability is due to the way specially crafted OpenType fonts are parsed by the OpenType font driver. Remote attackers can exploit this vulnerability by enticing target users to view a maliciously crafted font in an application that utilizes the affected font engine, such as Windows Font Viewer, or various web browsers. Successful exploitation of this vulnerability would result in arbitrary code execution within the kernel. In the case of an unsuccessful code injection attack, the affected system will crash with a BSoD, causing a denial of service condition.
SituationFile-Binary_Microsoft-OpenType-Font-Index-Remote-Code-Execution
Comment: An attempt to exploit a vulnerability in Microsoft Windows detected
Description: There is a code execution vulnerability in Microsoft Windows OpenType format driver. The vulnerability is due to the way specially crafted OpenType fonts are parsed by the OpenType font driver. Remote attackers can exploit this vulnerability by enticing target users to view a maliciously crafted font in an application that utilizes the affected font engine, such as Windows Font Viewer, or various web browsers. Successful exploitation of this vulnerability would result in arbitrary code execution within the kernel. In the case of an unsuccessful code injection attack, the affected system will crash with a BSoD, causing a denial of service condition.
References:
CVE-2010-3956
BID-45311
MS10-091
Back to top

MS10-090 Microsoft-Internet-Explorer-HTML-Element-Memory-Corruption-CVE-2010-3345

About this vulnerability: A vulnerability in Microsoft Internet Explorer
Risk: High
First detected in: sgpkg-ips-362-4219
Last changed: sgpkg-ips-518-5211
Platform: Windows
Software: Internet Explorer 8.0
Type: Malfunction
Description: There is a vulnerability in Microsoft Internet Explorer.
SituationHTTP_SS-Microsoft-Internet-Explorer-HTML-Element-Memory-Corruption-CVE-2010-3345
Comment: Detected attempt to exploit a vulnerability in Microsoft Internet Explorer
Description: An attempt to exploit a vulnerability in Microsoft Internet Explorer was detected.
SituationFile-Text_Microsoft-Internet-Explorer-HTML-Element-CVE-2010-3345
Comment: Detected attempt to exploit a vulnerability in Microsoft Internet Explorer
Description: An attempt to exploit a vulnerability in Microsoft Internet Explorer was detected.
References:
CVE-2010-3345
MS10-090
Back to top

MS10-090 Microsoft-Internet-Explorer-HTML-Object-Memory-Corruption-CVE-2010-3340

About this vulnerability: A vulnerability in Microsoft Internet Explorer
Risk: High
First detected in: sgpkg-ips-362-4219
Last changed: sgpkg-ips-518-5211
Platform: Windows
Software: Internet Explorer 6.0; Internet Explorer 7.0
Type: Malfunction
Description: There is a vulnerability in Microsoft Internet Explorer.
SituationHTTP_SS-Microsoft-Internet-Explorer-HTML-Object-Memory-Corruption-CVE-2010-3340
Comment: Detected attempt to exploit a vulnerability in Microsoft Internet Explorer
Description: An attempt to exploit a vulnerability in Microsoft Internet Explorer was detected.
SituationFile-Text_Microsoft-Internet-Explorer-HTML-Object-CVE-2010-3340
Comment: Detected attempt to exploit a vulnerability in Microsoft Internet Explorer
Description: An attempt to exploit a vulnerability in Microsoft Internet Explorer was detected.
References:
CVE-2010-3340
MS10-090
Back to top

MS10-090 Microsoft-Internet-Explorer-HTML-Object-Memory-Corruption-CVE-2010-3343

About this vulnerability: A vulnerability in Microsoft Internet Explorer
Risk: High
First detected in: sgpkg-ips-362-4219
Last changed: sgpkg-ips-518-5211
Platform: Windows
Software: Internet Explorer 6.0
Type: Malfunction
Description: There is a vulnerability in Microsoft Internet Explorer.
SituationHTTP_SS-Microsoft-Internet-Explorer-HTML-Object-Memory-Corruption-CVE-2010-3343
Comment: Detected attempt to exploit a vulnerability in Microsoft Internet Explorer
Description: An attempt to exploit a vulnerability in Microsoft Internet Explorer was detected.
SituationFile-Text_Microsoft-Internet-Explorer-HTML-Object-CVE-2010-3343
Comment: Detected attempt to exploit a vulnerability in Microsoft Internet Explorer
Description: An attempt to exploit a vulnerability in Microsoft Internet Explorer was detected.
References:
CVE-2010-3343
MS10-090
Back to top

MS10-090 Microsoft-Internet-Explorer-HTML-Time-Element-Memory-Corruption-CVE-2010-3346

About this vulnerability: A vulnerability in Microsoft Internet Explorer
Risk: High
First detected in: sgpkg-ips-362-4219
Last changed: sgpkg-ips-545-5211
Platform: Windows
Software: Internet Explorer 8.0; Internet Explorer 7.0; Internet Explorer 6.0
Type: Malfunction
Description: There is a vulnerability in Microsoft Internet Explorer.
SituationHTTP_SS-Microsoft-Internet-Explorer-HTML-Time-Element-Memory-Corruption
Comment: Detected attempt to exploit a vulnerability in Microsoft Internet Explorer
Description: An attempt to exploit a vulnerability in Microsoft Internet Explorer was detected.
SituationFile-Text_Microsoft-Internet-Explorer-HTML-Time-Element-CVE-2010-3346
Comment: Detected attempt to exploit a vulnerability in Microsoft Internet Explorer
Description: An attempt to exploit a vulnerability in Microsoft Internet Explorer was detected.
SituationFile-Text_Microsoft-Internet-Explorer-HTML-Time-Element-CVE-2010-3346-2
Comment: Detected attempt to exploit a vulnerability in Microsoft Internet Explorer
Description: An attempt to exploit a vulnerability in Microsoft Internet Explorer was detected.
References:
CVE-2010-3346
BID-45261
MS10-090
Back to top

MS10-090 Microsoft-Internet-Explorer-Use-After-Free-CVE-2010-3962

About this vulnerability: A vulnerability in Microsoft Internet Explorer
Risk: High
First detected in: sgpkg-ips-354-4219
Last changed: sgpkg-ips-545-5211
Platform: Windows
Software: Internet Explorer 6.0; Internet Explorer 7.0; Internet Explorer 8.0
Type: Input Validation
Description: There is a vulnerability in Microsoft Internet Explorer.
SituationHTTP_SS-Microsoft-Internet-Explorer-Use-After-Free-CVE-2010-3962
Comment: Detected attempt to exploit a vulnerability in Microsoft Internet Explorer
Description: An attempt to exploit a vulnerability in Microsoft Internet Explorer was detected.
SituationHTTP_SS-Microsoft-Internet-Explorer-Use-After-Free-CVE-2010-3962-2
Comment: Detected attempt to exploit a vulnerability in Microsoft Internet Explorer
Description: An attempt to exploit a vulnerability in Microsoft Internet Explorer was detected.
SituationFile-Text_Microsoft-Internet-Explorer-Use-After-Free-CVE-2010-3962
Comment: Detected attempt to exploit a vulnerability in Microsoft Internet Explorer
Description: An attempt to exploit a vulnerability in Microsoft Internet Explorer was detected.
SituationFile-Text_Microsoft-Internet-Explorer-Use-After-Free-CVE-2010-3962-2
Comment: Detected attempt to exploit a vulnerability in Microsoft Internet Explorer
Description: An attempt to exploit a vulnerability in Microsoft Internet Explorer was detected.
References:
CVE-2010-3962
BID-44536
OSVDB-68987
MS10-090
Back to top

MS10-089 Microsoft-Forefront-Unified-Access-Gateway-Signurl.asp-XSS

About this vulnerability: A vulnerability in Microsoft Forefront Unified Access Gateway
Risk: Moderate
First detected in: sgpkg-ips-435-4219
Last changed: sgpkg-ips-518-5211
Platform: Windows
Software: Microsoft Forefront Unified Access Gateway
Type: Cross-site Scripting
Description: A cross-site scripting vulnerability exists in Microsoft Forefront Unified Access Gateway (UAG). The vulnerability is due to insufficient validation of user-supplied input in signurl.asp. A remote attacker can exploit this flaw by enticing a target to open a malicious URL link. Successful exploitation would result in compromise of web browser cookies (including authentication cookies) associated with the site, and modification of user information.
SituationFile-Text_Microsoft-Forefront-Unified-Access-Gateway-Signurl.asp-XSS
Comment: An attempt to exploit a vulnerability in Microsoft Forefront Unified Access Gateway detected
Description: A cross-site scripting vulnerability exists in Microsoft Forefront Unified Access Gateway (UAG). The vulnerability is due to insufficient validation of user-supplied input in signurl.asp. A remote attacker can exploit this flaw by enticing a target to open a malicious URL link. Successful exploitation would result in compromise of web browser cookies (including authentication cookies) associated with the site, and modification of user information.
References:
CVE-2010-3936
MS10-089
Back to top

MS10-088 Microsoft-Office-PowerPoint-Animation-Code-Execution-CVE-2010-2573

About this vulnerability: Code execution vulnerability in Microsoft PowerPoint
Risk: High
First detected in: sgpkg-ips-353-4219
Last changed: sgpkg-ips-518-5211
Platform: Any Operating System
Software: Microsoft PowerPoint
Type: Malfunction
Description: There is a code execution vulnerability in Microsoft PowerPoint. By persuading a target user to open a malicious Microsoft PowerPoint file with a vulnerable version of the affected product, a remote attacker can execute arbitrary code with the privileges of the currently logged in user.
SituationE-Mail_BS-Microsoft-Office-PowerPoint-Animation-Code-Execution-CVE-2010-2573
Comment: A malicious Microsoft PowerPoint document targeting CVE-2010-2573 detected as an e-mail attachment
Description: A malicious Microsoft PowerPoint document targeting CVE-2010-2573 has been detected as an e-mail attachment.
SituationHTTP_SS-Microsoft-Office-PowerPoint-Animation-Code-Execution-CVE-2010-2573
Comment: A malicious Microsoft PowerPoint document targeting CVE-2010-2573 over HTTP detected
Description: A malicious Microsoft PowerPoint document targeting CVE-2010-2573 over HTTP has been detected.
SituationFile-OLE_Microsoft-Office-PowerPoint-Animation-Code-Execution-CVE-2010-2573
Comment: A malicious Microsoft PowerPoint document targeting CVE-2010-2573 over HTTP detected
Description: A malicious Microsoft PowerPoint document targeting CVE-2010-2573 over HTTP has been detected.
References:
CVE-2010-2573
MS10-088
Back to top

MS10-088 Microsoft-Office-PowerPoint-FB1h-Parsing-BOF-CVE-2010-2572

About this vulnerability: Code execution vulnerability in Microsoft PowerPoint
Risk: High
First detected in: sgpkg-ips-353-4219
Last changed: sgpkg-ips-518-5211
Platform: Any Operating System
Software: Microsoft PowerPoint
Type: Malfunction
Description: There is a code execution vulnerability in Microsoft PowerPoint. By persuading a target user to open a malicious Microsoft PowerPoint file with a vulnerable version of the affected product, a remote attacker can execute arbitrary code with the privileges of the currently logged in user.
SituationE-Mail_BS-Microsoft-Office-PowerPoint-FB1h-Parsing-BOF-CVE-2010-2572
Comment: A malicious Microsoft PowerPoint document targeting CVE-2010-2572 detected as an e-mail attachment
Description: A malicious Microsoft PowerPoint document targeting CVE-2010-2572 has been detected as an e-mail attachment.
SituationHTTP_SS-Microsoft-Office-PowerPoint-FB1h-Parsing-BOF-CVE-2010-2572
Comment: A malicious Microsoft PowerPoint document targeting CVE-2010-2572 over HTTP detected
Description: A malicious Microsoft PowerPoint document targeting CVE-2010-2572 over HTTP has been detected.
SituationFile-OLE_Microsoft-Office-PowerPoint-FB1h-Parsing-BOF-CVE-2010-2572
Comment: A malicious Microsoft PowerPoint document targeting CVE-2010-2572 over HTTP detected
Description: A malicious Microsoft PowerPoint document targeting CVE-2010-2572 over HTTP has been detected.
References:
CVE-2010-2572
MS10-088
Back to top

MS10-087 Microsoft-Office-Art-Drawing-Records-CVE-2010-3334

About this vulnerability: A vulnerability in Microsoft Office
Risk: High
First detected in: sgpkg-ips-353-4219
Last changed: sgpkg-ips-518-5211
Platform: Windows
Software: Microsoft Office XP; Microsoft Office 2003; Microsoft Office 2007; Microsoft Office 2010; Microsoft Office 2004; Microsoft Office 2008
Type: Input Validation
Description: There is a vulnerability in Microsoft Office.
SituationHTTP_SS-Microsoft-Office-Art-Drawing-Records-CVE-2010-3334
Comment: Detected attempt to exploit a vulnerability in Microsoft Office
Description: An attempt to exploit a vulnerability in Microsoft Office was detected.
SituationFile-OLE_Microsoft-Office-Art-Drawing-Records-CVE-2010-3334
Comment: Detected attempt to exploit a vulnerability in Microsoft Office
Description: An attempt to exploit a vulnerability in Microsoft Office was detected.
References:
CVE-2010-3334
BID-44656
MS10-087
Back to top

MS10-087 Microsoft-Office-Drawing-Exception-Handling-CVE-2010-3335

About this vulnerability: A vulnerability in Microsoft Office
Risk: High
First detected in: sgpkg-ips-353-4219
Last changed: sgpkg-ips-518-5211
Platform: Windows
Software: Microsoft Office XP; Microsoft Office 2003; Microsoft Office 2007; Microsoft Office 2010; Microsoft Office 2004; Microsoft Office 2008
Type: Input Validation
Description: There is a vulnerability in Microsoft Office.
SituationHTTP_SS-Microsoft-Office-Drawing-Exception-Handling-CVE-2010-3335
Comment: Detected attempt to exploit a vulnerability in Microsoft Office
Description: An attempt to exploit a vulnerability in Microsoft Office was detected.
SituationFile-OLE_Microsoft-Office-Drawing-Exception-Handling-CVE-2010-3335
Comment: Detected attempt to exploit a vulnerability in Microsoft Office
Description: An attempt to exploit a vulnerability in Microsoft Office was detected.
References:
CVE-2010-3335
BID-44659
MS10-087
Back to top

MS10-087 Microsoft-Office-Insecure-Library-Loading-CVE-2010-3337

About this vulnerability: A vulnerability in Microsoft Office
Risk: High
First detected in: sgpkg-ips-353-4219
Last changed: sgpkg-ips-545-5211
Platform: Windows
Software: Microsoft Office 2007; Microsoft Office 2010
Type: Input Validation
Description: There is a vulnerability in Microsoft Office.
SituationHTTP_CS-Microsoft-Windows-DLL-Hijack-Vulnerability
Comment: Detects applications attempting to access DLL files over HTTP, possible DLL hijack attempt
Description: Detects attempts to access DLL files over HTTP. While this is normal behaviour of Windows applications, it is a potential exploit of the Windows DLL Hijack vulnerability. This vulnerability is actively exploited and public exploits exist.
References:
CVE-2010-3337
MS10-087
Back to top

MS10-087 Microsoft-Office-MSO-Large-SPID-Read-AV-CVE-2010-3336

About this vulnerability: A vulnerability in Microsoft Office
Risk: High
First detected in: sgpkg-ips-353-4219
Last changed: sgpkg-ips-518-5211
Platform: Windows
Software: Microsoft Office XP; Microsoft Office 2004; Microsoft Office 2008
Type: Input Validation
Description: There is a vulnerability in Microsoft Office.
SituationHTTP_SS-Microsoft-Office-MSO-Large-SPID-Read-AV-CVE-2010-3336
Comment: Detected attempt to exploit a vulnerability in Microsoft Office
Description: An attempt to exploit a vulnerability in Microsoft Office was detected.
SituationFile-OLE_Microsoft-Office-MSO-Large-SPID-Read-AV-CVE-2010-3336
Comment: Detected attempt to exploit a vulnerability in Microsoft Office
Description: An attempt to exploit a vulnerability in Microsoft Office was detected.
References:
CVE-2010-3336
BID-44660
MS10-087
Back to top

MS10-087 Microsoft-Office-RTF-Stack-Overflow-CVE-2010-3333

About this vulnerability: A vulnerability in Microsoft Office
Risk: High
First detected in: sgpkg-ips-353-4219
Last changed: sgpkg-ips-518-5211
Platform: Windows
Software: Microsoft Office XP; Microsoft Office 2003; Microsoft Office 2007; Microsoft Office 2010; Microsoft Office 2004; Microsoft Office 2008
Type: Input Validation
Description: There is a vulnerability in Microsoft Office.
SituationHTTP_SS-Microsoft-Office-RTF-Stack-Overflow-CVE-2010-3333
Comment: Detected attempt to exploit a vulnerability in Microsoft Office
Description: An attempt to exploit a vulnerability in Microsoft Office was detected.
SituationFile-RTF_Microsoft-Office-RTF-Stack-Overflow-CVE-2010-3333
Comment: Detected attempt to exploit a vulnerability in Microsoft Office
Description: An attempt to exploit a vulnerability in Microsoft Office was detected.
References:
CVE-2010-3333
BID-44652
OSVDB-69085
MS10-087
Back to top

MS10-085 Microsoft-Schannel-CVE-2010-3229

About this vulnerability: A Microsoft Schannel vulnerability
Risk: High
First detected in: sgpkg-ips-347-4219
Last changed: sgpkg-ips-518-5211
Platform: Windows
Software: <os>
Type: Malfunction
Description: A vulnerability exists in Microsoft Schannel.
SituationHTTPS_CS-Schannel-CVE-2010-3229
Comment: Microsoft Schannel CVE-2010-3229 detected
Description: Microsoft Schannel CVE-2010-3229 detected
References:
CVE-2010-3229
BID-43780
MS10-085
Back to top

MS10-082 Microsoft-WMP-CVE-2010-2745

About this vulnerability: A Windows Media Player vulnerability
Risk: High
First detected in: sgpkg-ips-346-4219
Last changed: sgpkg-ips-545-5211
Platform: Windows
Software: Windows Media Player
Type: Malfunction
Description: A vulnerability exists in Windows Media Player.
SituationHTTP_SS-WMP-2-CVE-2010-2745
Comment: An attempt to exploit a vulnerability in Windows Media Player was detected
Description: An attempt to exploit a vulnerability in Windows Media Player was detected.
SituationHTTP_SS-WMP-1-CVE-2010-2745
Comment: An attempt to exploit a vulnerability in Windows Media Player was detected
Description: An attempt to exploit a vulnerability in Windows Media Player was detected.
SituationFile-Text_Microsoft-Windows-Media-Player-1-CVE-2010-2745
Comment: An attempt to exploit a vulnerability in Windows Media Player was detected
Description: An attempt to exploit a vulnerability in Windows Media Player was detected.
SituationFile-Text_Microsoft-Windows-Media-Player-2-CVE-2010-2745
Comment: An attempt to exploit a vulnerability in Windows Media Player was detected
Description: An attempt to exploit a vulnerability in Windows Media Player was detected.
References:
CVE-2010-2745
MS10-082
Back to top

MS10-081 Microsoft-Windows-Common-Control-Library-Heap-Buffer-Overflow

About this vulnerability: A vulnerability in Microsoft Windows
Risk: High
First detected in: sgpkg-ips-382-4219
Last changed: sgpkg-ips-518-5211
Platform: Windows
Software: <os>
Type: Buffer Overflow
Description: A code execution vulnerability exists in Microsoft Windows Common Control Library.
SituationHTTP_SS-Microsoft-Windows-Common-Control-Library-Heap-Buffer-Overflow
Comment: An attempt to exploit a vulnerability in Microsoft Windows detected
Description: A code execution vulnerability exists in Microsoft Windows Common Control Library.
SituationFile-TextId_Microsoft-Windows-Common-Control-Library-Heap-Buffer-Overflow
Comment: An attempt to exploit a vulnerability in Microsoft Windows detected
Description: A code execution vulnerability exists in Microsoft Windows Common Control Library.
References:
CVE-2010-2746
BID-43717
MS10-081
Back to top

MS10-080 Microsoft-Excel-Merge-Cell-Record-Pointer-CVE-2010-3237

About this vulnerability: A vulnerability in Microsoft Excel
Risk: High
First detected in: sgpkg-ips-348-4219
Last changed: sgpkg-ips-518-5211
Platform: Windows
Software: Microsoft Excel 2002; Microsoft Excel 2004 for Mac
Type: Input Validation
Description: There is a vulnerability in Microsoft Excel.
SituationHTTP_SS-Microsoft-Excel-Merge-Cell-Record-Pointer-CVE-2010-3237
Comment: Detected attempt to exploit a vulnerability in Microsoft Excel
Description: An attempt to exploit a vulnerability in Microsoft Excel was detected.
SituationFile-OLE_Microsoft-Excel-Merge-Cell-Record-Pointer-CVE-2010-3237
Comment: Detected attempt to exploit a vulnerability in Microsoft Excel
Description: An attempt to exploit a vulnerability in Microsoft Excel was detected.
References:
CVE-2010-3237
MS10-080
Back to top

MS10-080 Microsoft-Excel-Ptgextraarray-Parsing-Memory-Corruption

About this vulnerability: A vulnerability in Microsoft Excel
Risk: Moderate
First detected in: sgpkg-ips-401-4219
Last changed: sgpkg-ips-518-5211
Platform: Windows
Software: Microsoft Excel; Microsoft Office
Type: Malfunction
Description: A code execution vulnerability exists in Microsoft Office Excel. The vulnerability is due to lack of validation on the PtgExtraArray data structure when parsing a crafted Excel file. This vulnerability may be exploited by remote attackers to execute arbitrary code on the target system by enticing a user to open a maliciously crafted file. In situations where code execution is successful the injected code will run within the security context of the currently logged in user. If code execution fails, the vulnerable application may terminate abnormally.
SituationHTTP_SS-Microsoft-Excel-Ptgextraarray-Parsing-Memory-Corruption
Comment: An attempt to exploit a vulnerability in Microsoft Excel detected
Description: A code execution vulnerability exists in Microsoft Office Excel. The vulnerability is due to lack of validation on the PtgExtraArray data structure when parsing a crafted Excel file. This vulnerability may be exploited by remote attackers to execute arbitrary code on the target system by enticing a user to open a maliciously crafted file. In situations where code execution is successful the injected code will run within the security context of the currently logged in user. If code execution fails, the vulnerable application may terminate abnormally.
SituationFile-OLE_Microsoft-Excel-Ptgextraarray-Parsing-Memory-Corruption
Comment: An attempt to exploit a vulnerability in Microsoft Excel detected
Description: A code execution vulnerability exists in Microsoft Office Excel. The vulnerability is due to lack of validation on the PtgExtraArray data structure when parsing a crafted Excel file. This vulnerability may be exploited by remote attackers to execute arbitrary code on the target system by enticing a user to open a maliciously crafted file. In situations where code execution is successful the injected code will run within the security context of the currently logged in user. If code execution fails, the vulnerable application may terminate abnormally.
References:
CVE-2010-3239
BID-43654
MS10-080
Back to top

MS10-080 Microsoft-Excel-Real-Time-Data-Array-Record-CVE-2010-3240

About this vulnerability: A vulnerability in Microsoft Excel
Risk: High
First detected in: sgpkg-ips-348-4219
Last changed: sgpkg-ips-518-5211
Platform: Windows
Software: Microsoft Excel 2002; Microsoft Excel 2007; Microsoft Excel Viewer
Type: Input Validation
Description: There is a vulnerability in Microsoft Excel.
SituationHTTP_SS-Microsoft-Excel-Real-Time-Data-Array-Record-CVE-2010-3240
Comment: Detected attempt to exploit a vulnerability in Microsoft Excel
Description: An attempt to exploit a vulnerability in Microsoft Excel was detected.
SituationFile-OLE_Microsoft-Excel-Real-Time-Data-Array-Record-CVE-2010-3240
Comment: Detected attempt to exploit a vulnerability in Microsoft Excel
Description: An attempt to exploit a vulnerability in Microsoft Excel was detected.
References:
CVE-2010-3240
MS10-080
Back to top

MS10-080 Microsoft-Excel-Record-Parsing-Integer-Overflow-CVE-2010-3230

About this vulnerability: A vulnerability in Microsoft Excel
Risk: High
First detected in: sgpkg-ips-347-4219
Last changed: sgpkg-ips-518-5211
Platform: Windows
Software: Microsoft Excel 2002
Type: Input Validation
Description: There is a vulnerability in Microsoft Excel.
SituationHTTP_SS-Microsoft-Excel-Record-Parsing-Integer-Overflow-CVE-2010-3230
Comment: Detected attempt to exploit a vulnerability in Microsoft Excel
Description: An attempt to exploit a cross site scripting vulnerability in Microsoft Excel was detected.
SituationFile-OLE_Microsoft-Excel-Record-Parsing-Integer-Overflow-CVE-2010-3230
Comment: Detected attempt to exploit a vulnerability in Microsoft Excel
Description: An attempt to exploit a cross site scripting vulnerability in Microsoft Excel was detected.
References:
CVE-2010-3230
MS10-080
Back to top

MS10-080 Microsoft-Office-Excel-Formula-Record-Code-Execution

About this vulnerability: A vulnerability in Microsoft Excel
Risk: Moderate
First detected in: sgpkg-ips-435-4219
Last changed: sgpkg-ips-518-5211
Platform: Generic
Software: Microsoft Excel; Microsoft Office
Type: Malfunction
Description: A code execution vulnerability exists in Microsoft Office Excel. The vulnerability is due to an error while processing ptg tokens within Formula records in Excel files. This vulnerability can be exploited by enticing a user to open a maliciously crafted Excel file. Successful exploitation will result in the execution arbitrary code in the context of the logged in user, unsuccessful exploitation may cause the program to terminate abnormally.
SituationFile-OLE_Microsoft-Office-Excel-Formula-Record-Code-Execution
Comment: An attempt to exploit a vulnerability in Microsoft Excel detected
Description: A code execution vulnerability exists in Microsoft Office Excel. The vulnerability is due to an error while processing ptg tokens within Formula records in Excel files. This vulnerability can be exploited by enticing a user to open a maliciously crafted Excel file. Successful exploitation will result in the execution arbitrary code in the context of the logged in user, unsuccessful exploitation may cause the program to terminate abnormally.
References:
CVE-2010-3235
MS10-080
Back to top

MS10-080 Microsoft-Office-Excel-Table-Record-Parsing-Code-Execution

About this vulnerability: A vulnerability in Microsoft Excel
Risk: High
First detected in: sgpkg-ips-382-4219
Last changed: sgpkg-ips-518-5211
Platform: Generic
Software: Microsoft Excel; Microsoft Excel Viewer; Microsoft Open XML File Format Converter; Microsoft Office; Microsoft Office Compatibility Pack
Type: Malfunction
Description: A code execution vulnerability exists in Microsoft Office Excel. The vulnerability is due to improper parsing of certain Excel Table records in an Excel document that leads to memory access violation and potentially allows for code execution. A remote attacker can exploit this vulnerability to execute arbitrary code in the context of the logged in user.
SituationHTTP_SS-Microsoft-Office-Excel-Table-Record-Parsing-Code-Execution
Comment: An attempt to exploit a vulnerability in Microsoft Excel detected
Description: A code execution vulnerability exists in Microsoft Office Excel. The vulnerability is due to improper parsing of certain Excel Table records in an Excel document that leads to memory access violation and potentially allows for code execution. A remote attacker can exploit this vulnerability to execute arbitrary code in the context of the logged in user.
SituationFile-OLE_Microsoft-Office-Excel-Table-Record-Parsing-Code-Execution
Comment: An attempt to exploit a vulnerability in Microsoft Excel detected
Description: A code execution vulnerability exists in Microsoft Office Excel. The vulnerability is due to improper parsing of certain Excel Table records in an Excel document that leads to memory access violation and potentially allows for code execution. A remote attacker can exploit this vulnerability to execute arbitrary code in the context of the logged in user.
References:
CVE-2010-3232
BID-43646
MS10-080
Back to top

MS10-078 Microsoft-Windows-OpenType-Font-Parsing-Heap-Overflow

About this vulnerability: A vulnerability in Microsoft Windows
Risk: Moderate
First detected in: sgpkg-ips-401-4219
Last changed: sgpkg-ips-518-5211
Platform: Windows
Software: <os>
Type: Buffer Overflow
Description: A heap buffer overflow vulnerability exists in Microsoft Windows Adobe Type Manager (ATM) library for OpenType Font parsing. The vulnerability is due to insufficient validation of a value while processing the Naming Table inside OpenType font. Remote attackers can exploit this vulnerability by enticing target users to view a maliciously crafted font in an application that utilizes the affected library, such as Windows FontViewer. Successful exploitation of this vulnerability would result in arbitrary code execution within the kernel. In case of an unsuccessful code injection attack, the affected system will crash, causing denial of service condition.
SituationHTTP_SS-Microsoft-Windows-OpenType-Font-Parsing-Heap-Overflow
Comment: An attempt to exploit a vulnerability in Microsoft Windows detected
Description: A heap buffer overflow vulnerability exists in Microsoft Windows Adobe Type Manager (ATM) library for OpenType Font parsing. The vulnerability is due to insufficient validation of a value while processing the Naming Table inside OpenType font. Remote attackers can exploit this vulnerability by enticing target users to view a maliciously crafted font in an application that utilizes the affected library, such as Windows FontViewer. Successful exploitation of this vulnerability would result in arbitrary code execution within the kernel. In case of an unsuccessful code injection attack, the affected system will crash, causing denial of service condition.
SituationFile-Binary_Microsoft-Windows-OpenType-Font-Parsing-Heap-Overflow
Comment: An attempt to exploit a vulnerability in Microsoft Windows detected
Description: A heap buffer overflow vulnerability exists in Microsoft Windows Adobe Type Manager (ATM) library for OpenType Font parsing. The vulnerability is due to insufficient validation of a value while processing the Naming Table inside OpenType font. Remote attackers can exploit this vulnerability by enticing target users to view a maliciously crafted font in an application that utilizes the affected library, such as Windows FontViewer. Successful exploitation of this vulnerability would result in arbitrary code execution within the kernel. In case of an unsuccessful code injection attack, the affected system will crash, causing denial of service condition.
References:
CVE-2010-2740
BID-43778
MS10-078
Back to top

MS10-078 Microsoft-Windows-OpenType-Font-Validation-Integer-Overflow

About this vulnerability: A vulnerability in Microsoft Windows
Risk: High
First detected in: sgpkg-ips-379-4219
Last changed: sgpkg-ips-518-5211
Platform: Windows
Software: <os>
Type: Integer Overflow
Description: An integer overflow vulnerability exists in Microsoft Windows OpenType format driver. The vulnerability is due to insufficient validation of an integer value while processing the Font Table Directory inside OpenType font. Remote attackers can exploit this vulnerability by enticing target users to view a maliciously crafted font in an application that utilizes the affected font engine, such as Windows Font Viewer. Successful exploitation of this vulnerability would result in arbitrary code execution within the kernel. In case of an unsuccessful code injection attack, the affected system will crash, causing denial of service condition.
SituationHTTP_SS-Microsoft-Windows-OpenType-Font-Validation-Integer-Overflow
Comment: An attempt to exploit a vulnerability in Microsoft Windows detected
Description: An integer overflow vulnerability exists in Microsoft Windows OpenType format driver. The vulnerability is due to insufficient validation of an integer value while processing the Font Table Directory inside OpenType font. Remote attackers can exploit this vulnerability by enticing target users to view a maliciously crafted font in an application that utilizes the affected font engine, such as Windows Font Viewer. Successful exploitation of this vulnerability would result in arbitrary code execution within the kernel. In case of an unsuccessful code injection attack, the affected system will crash, causing denial of service condition.
SituationFile-Binary_Microsoft-Windows-OpenType-Font-Validation-Integer-Overflow
Comment: An attempt to exploit a vulnerability in Microsoft Windows detected
Description: An integer overflow vulnerability exists in Microsoft Windows OpenType format driver. The vulnerability is due to insufficient validation of an integer value while processing the Font Table Directory inside OpenType font. Remote attackers can exploit this vulnerability by enticing target users to view a maliciously crafted font in an application that utilizes the affected font engine, such as Windows Font Viewer. Successful exploitation of this vulnerability would result in arbitrary code execution within the kernel. In case of an unsuccessful code injection attack, the affected system will crash, causing denial of service condition.
References:
CVE-2010-2741
BID-43779
MS10-078
Back to top

MS10-075 Media-Player-Network-Sharing-Service-Code-Execution-CVE-2010-3225

About this vulnerability: A code execution vulnerability in Microsoft Windows Media Player
Risk: Critical
First detected in: sgpkg-ips-347-4219
Last changed: sgpkg-ips-545-5211
Platform: Windows
Software: <os>
Type: Malfunction
Description: There is a code execution vulnerability in Microsoft Windows Media Player.
SituationGeneric_CS-Media-Player-Network-Sharing-Service-Code-Execution-CVE-2010-3225
Comment: An attempt to exploit a code execution vulnerability in Microsoft Windows Media Player detected
Description: An attempt to exploit a code execution vulnerability in Microsoft Windows Media Player has been detected.
References:
CVE-2010-3225
MS10-075
Back to top

MS10-072, MS10-071 Microsoft-Internet-Explorer-And-Sharepoint-Services-HTML-Sanitization-XSS

About this vulnerability: A vulnerability in Microsoft Groove Server
Risk: Moderate
First detected in: sgpkg-ips-435-4219
Last changed: sgpkg-ips-518-5211
Platform: Windows
Software: Internet Explorer; Microsoft Sharepoint
Type: Cross-site Scripting
Description: A vulnerability exists in Microsoft Windows Internet Explorer and SharePoint Server products that may allow remote attackers to execute Cross Site Scripting attacks within a target system. The vulnerability is due to insufficient validation of HTML code. Remote attackers can exploit this vulnerability by enticing the target user to view a Web page containing crafted use of the Cascading Style Sheets (CSS) @import rule. Successful exploitation of this vulnerability could lead to information disclosure and execution of arbitrary script code within the context of the target system. Note: This vulnerability is different than the one identified by CVE-2010-1257.
SituationFile-Text_MS-Internet-Explorer-And-Sharepoint-Services-HTML-Sanitization-XSS
Comment: An attempt to exploit a vulnerability in Microsoft Groove Server detected
Description: A vulnerability exists in Microsoft Windows Internet Explorer and SharePoint Server products that may allow remote attackers to execute Cross Site Scripting attacks within a target system. The vulnerability is due to insufficient validation of HTML code. Remote attackers can exploit this vulnerability by enticing the target user to view a Web page containing crafted use of the Cascading Style Sheets (CSS) @import rule. Successful exploitation of this vulnerability could lead to information disclosure and execution of arbitrary script code within the context of the target system. Note: This vulnerability is different than the one identified by CVE-2010-1257.
References:
CVE-2010-3324
MS10-072
MS10-071
Back to top

MS10-072 Microsoft-Internet-Explorer-Cross-Site-Scripting-CVE-2010-3243

About this vulnerability: A cross-site scripting vulnerability in Microsoft Internet Explorer
Risk: High
First detected in: sgpkg-ips-346-4219
Last changed: sgpkg-ips-518-5211
Platform: Windows
Software: Internet Explorer 8.0
Type: Malfunction
Description: There is a cross-site scripting vulnerability in Microsoft Internet Explorer.
SituationHTTP_SS-Microsoft-Internet-Explorer-Cross-Site-Scripting-CVE-2010-3243
Comment: An attempt to exploit a cross-site scripting vulnerability in Microsoft Internet Explorer
Description: An attempt to exploit a cross site scripting vulnerability in Microsoft Internet Explorer has been detected.
SituationFile-Text_Microsoft-Internet-Explorer-Cross-Site-Scripting-CVE-2010-3243
Comment: An attempt to exploit a cross-site scripting vulnerability in Microsoft Internet Explorer
Description: An attempt to exploit a cross site scripting vulnerability in Microsoft Internet Explorer has been detected.
References:
CVE-2010-3243
MS10-072
Back to top

MS10-072 Microsoft-Internet-Explorer-Cross-Site-Scripting-CVE-2010-3324

About this vulnerability: A cross-site scripting vulnerability in Microsoft Internet Explorer
Risk: High
First detected in: sgpkg-ips-346-4219
Last changed: sgpkg-ips-518-5211
Platform: Windows
Software: Internet Explorer 8.0
Type: Malfunction
Description: There is a cross-site scripting vulnerability in Microsoft Internet Explorer.
SituationHTTP_SS-Microsoft-Internet-Explorer-Cross-Site-Scripting-CVE-2010-3324
Comment: An attempt to exploit a cross-site scripting vulnerability in Microsoft Internet Explorer
Description: An attempt to exploit a cross site scripting vulnerability in Microsoft Internet Explorer has been detected.
SituationFile-Text_Microsoft-Internet-Explorer-Cross-Site-Scripting-CVE-2010-3324
Comment: An attempt to exploit a cross-site scripting vulnerability in Microsoft Internet Explorer
Description: An attempt to exploit a cross site scripting vulnerability in Microsoft Internet Explorer has been detected.
References:
CVE-2010-3324
MS10-072
Back to top

MS10-072, MS10-071 Microsoft-Internet-Explorer-And-Sharepoint-Services-HTML-Sanitization-XSS

About this vulnerability: A vulnerability in Microsoft Groove Server
Risk: Moderate
First detected in: sgpkg-ips-435-4219
Last changed: sgpkg-ips-518-5211
Platform: Windows
Software: Internet Explorer; Microsoft Sharepoint
Type: Cross-site Scripting
Description: A vulnerability exists in Microsoft Windows Internet Explorer and SharePoint Server products that may allow remote attackers to execute Cross Site Scripting attacks within a target system. The vulnerability is due to insufficient validation of HTML code. Remote attackers can exploit this vulnerability by enticing the target user to view a Web page containing crafted use of the Cascading Style Sheets (CSS) @import rule. Successful exploitation of this vulnerability could lead to information disclosure and execution of arbitrary script code within the context of the target system. Note: This vulnerability is different than the one identified by CVE-2010-1257.
SituationFile-Text_MS-Internet-Explorer-And-Sharepoint-Services-HTML-Sanitization-XSS
Comment: An attempt to exploit a vulnerability in Microsoft Groove Server detected
Description: A vulnerability exists in Microsoft Windows Internet Explorer and SharePoint Server products that may allow remote attackers to execute Cross Site Scripting attacks within a target system. The vulnerability is due to insufficient validation of HTML code. Remote attackers can exploit this vulnerability by enticing the target user to view a Web page containing crafted use of the Cascading Style Sheets (CSS) @import rule. Successful exploitation of this vulnerability could lead to information disclosure and execution of arbitrary script code within the context of the target system. Note: This vulnerability is different than the one identified by CVE-2010-1257.
References:
CVE-2010-3324
MS10-072
MS10-071
Back to top

MS10-071 Microsoft-Internet-Explorer-Cross-Domain-Information-Disclosure-CVE-2010-3330

About this vulnerability: A vulnerability in Microsoft Internet Explorer
Risk: High
First detected in: sgpkg-ips-347-4219
Last changed: sgpkg-ips-518-5211
Platform: Windows
Software: Internet Explorer 6.0; Internet Explorer 7.0; Internet Explorer 8.0
Type: Malfunction
Description: There is a vulnerability in Microsoft Internet Explorer.
SituationHTTP_SS-Microsoft-Internet-Explorer-Cross-Domain-Disclosure-CVE-2010-3330
Comment: Detected attempt to exploit a vulnerability in Microsoft Internet Explorer
Description: An attempt to exploit a cross site scripting vulnerability in Microsoft Internet Explorer was detected.
SituationFile-Text_Microsoft-Internet-Explorer-Cross-Domain-Disclosure-CVE-2010-3330
Comment: Detected attempt to exploit a vulnerability in Microsoft Internet Explorer
Description: An attempt to exploit a cross site scripting vulnerability in Microsoft Internet Explorer was detected.
References:
CVE-2010-3330
MS10-071
Back to top

MS10-071 Microsoft-Internet-Explorer-Uninitialized-Memory-Corruption-CVE-2010-3328

About this vulnerability: A vulnerability in Microsoft Internet Explorer
Risk: High
First detected in: sgpkg-ips-346-4219
Last changed: sgpkg-ips-518-5211
Platform: Windows
Software: Internet Explorer 6.0; Internet Explorer 7.0; Internet Explorer 8.0
Type: Malfunction
Description: There is a vulnerability in Microsoft Internet Explorer.
SituationHTTP_SS-Microsoft-Internet-Explorer-Uninitialized-Memory-CVE-2010-3328
Comment: Detected attempt to exploit a vulnerability in Microsoft Internet Explorer
Description: An attempt to exploit a cross site scripting vulnerability in Microsoft Internet Explorer was detected.
SituationFile-Text_Microsoft-Internet-Explorer-Uninitialized-Memory-CVE-2010-3328
Comment: Detected attempt to exploit a vulnerability in Microsoft Internet Explorer
Description: An attempt to exploit a cross site scripting vulnerability in Microsoft Internet Explorer was detected.
References:
CVE-2010-3328
BID-43705
MS10-071
Back to top

MS10-071 Microsoft-Internet-Explorer-Uninitialized-Memory-Corruption-CVE-2010-3329

About this vulnerability: A vulnerability in Microsoft Internet Explorer
Risk: High
First detected in: sgpkg-ips-346-4219
Last changed: sgpkg-ips-518-5211
Platform: Windows
Software: Internet Explorer 6.0; Internet Explorer 7.0; Internet Explorer 8.0
Type: Malfunction
Description: There is a vulnerability in Microsoft Internet Explorer.
SituationHTTP_SS-Microsoft-HtmlDlgHelper-ActiveX-Component-Usage
Comment: Reference to Microsoft HtmlDlgHelper ActiveX component detected
Description: Reference to Microsoft HtmlDlgHelper ActiveX component was detected.
SituationFile-Text_Microsoft-HtmlDlgHelper-ActiveX-Component-Usage
Comment: Reference to Microsoft HtmlDlgHelper ActiveX component detected
Description: Reference to Microsoft HtmlDlgHelper ActiveX component was detected.
References:
CVE-2010-3329
BID-43706
MS10-071
Back to top

MS10-071 Microsoft-Internet-Explorer-Uninitialized-Memory-Corruption-CVE-2010-3331

About this vulnerability: A vulnerability in Microsoft Internet Explorer
Risk: High
First detected in: sgpkg-ips-346-4219
Last changed: sgpkg-ips-518-5211
Platform: Windows
Software: Internet Explorer 6.0; Internet Explorer 7.0; Internet Explorer 8.0
Type: Malfunction
Description: There is a vulnerability in Microsoft Internet Explorer.
SituationHTTP_SS-Microsoft-Scriptlet-ActiveX-Component-Usage
Comment: Reference to Microsoft Scriptlet ActiveX component detected
Description: Reference to Microsoft Scriptlet ActiveX component was detected.
SituationFile-Text_Microsoft-Scriptlet-ActiveX-Component-Usage
Comment: Reference to Microsoft Scriptlet ActiveX component detected
Description: Reference to Microsoft Scriptlet ActiveX component was detected.
References:
CVE-2010-3331
MS10-071
Back to top

MS10-070 Microsoft-ASP.NET-Information-Disclosure-CVE-2010-3332

About this vulnerability: An information disclosure vulnerability in Microsoft ASP.NET
Risk: High
First detected in: sgpkg-ips-342-4219
Last changed: sgpkg-ips-545-5211
Platform: Windows
Software: Microsoft .NET Framework
Type: Malfunction
Description: There is an information disclosure vulnerability in Microsoft ASP.NET.
SituationAnalyzer_Microsoft-ASP.NET-Information-Disclosure-CVE-2010-3332
Comment: Information disclosure attack against Microsoft ASP.NET detected
Description: An attempt to exploit an information disclosure vulnerability (CVE-2010-3332) in Microsoft ASP.NET has been detected.
References:
CVE-2010-3332
BID-43316
MS10-070
Back to top

MS10-068 LDAP-LSASS-Heap-Overflow-CVE-2010-0820

About this vulnerability: LDAP LSASS Heap Overflow vulnerability
Risk: Moderate
First detected in: sgpkg-ips-338-4219
Last changed: sgpkg-ips-545-5211
Platform: Windows
Software: <os>
Type: Buffer Overflow
Description: Windows LSASS heap overflow vulnerability in LDAP handling, MS10-068.
SituationLDAP_CS-LSASS-Heap-Overflow-CVE-2010-0820
Comment: Detects attempts to exploit a heap overflow vulnerabity in Windows LSASS
Description: An attempt to exploit a heap buffer overflow in IBM Lotus Domino was detected. In particular, a suspicious LDAP message was seen.
References:
CVE-2010-0820
MS10-068
Back to top

MS10-067 Microsoft-WordPad-Text-Converter-Buffer-Overflow

About this vulnerability: A vulnerability in Microsoft WordPad
Risk: High
First detected in: sgpkg-ips-376-4219
Last changed: sgpkg-ips-518-5211
Platform: Windows
Software: WordPad
Type: Buffer Overflow
Description: A buffer overflow vulnerability exists in Microsoft WordPad. The vulnerability is due to an error while WordPad Text Converter processes data in a specially crafted Word 97 document. Remote attackers can exploit this vulnerability by enticing a target user to open a malicious Word 97 document, potentially causing arbitrary code to be injected and executed in the security context of the current user. In an attack scenario, where arbitrary code is injected and executed on the target machine, the behavior of the target is dependent on the intention of the malicious code. If such an attack is not executed successfully, the vulnerable application may terminate as a result of invalid memory access.
SituationHTTP_SS-Microsoft-WordPad-Text-Converter-Buffer-Overflow
Comment: An attempt to exploit a vulnerability in Microsoft WordPad detected
Description: A buffer overflow vulnerability exists in Microsoft WordPad. The vulnerability is due to an error while WordPad Text Converter processes data in a specially crafted Word 97 document. Remote attackers can exploit this vulnerability by enticing a target user to open a malicious Word 97 document, potentially causing arbitrary code to be injected and executed in the security context of the current user. In an attack scenario, where arbitrary code is injected and executed on the target machine, the behavior of the target is dependent on the intention of the malicious code. If such an attack is not executed successfully, the vulnerable application may terminate as a result of invalid memory access.
SituationFile-OLE_Microsoft-WordPad-Text-Converter-Buffer-Overflow
Comment: An attempt to exploit a vulnerability in Microsoft WordPad detected
Description: A buffer overflow vulnerability exists in Microsoft WordPad. The vulnerability is due to an error while WordPad Text Converter processes data in a specially crafted Word 97 document. Remote attackers can exploit this vulnerability by enticing a target user to open a malicious Word 97 document, potentially causing arbitrary code to be injected and executed in the security context of the current user. In an attack scenario, where arbitrary code is injected and executed on the target machine, the behavior of the target is dependent on the intention of the malicious code. If such an attack is not executed successfully, the vulnerable application may terminate as a result of invalid memory access.
References:
CVE-2010-2563
BID-43122
MS10-067
Back to top

MS10-067 Microsoft-WordPad-Text-Converter-CVE-2010-2563

About this vulnerability: A vulnerability in Microsoft WordPad
Risk: High
First detected in: sgpkg-ips-342-4219
Last changed: sgpkg-ips-518-5211
Platform: Windows XP; Windows 2003
Software: WordPad
Type: Input Validation
Description: There is a vulnerability in Microsoft Internet Information Services (IIS).
SituationHTTP_SS-Microsoft-WordPad-Text-Converter-CVE-2010-2563
Comment: An attempt to exploit a vulnerability in Microsoft WordPad
Description: An attempt to exploit a vulnerability in Microsoft WordPad was detected. In particular, a suspicious document was seen.
SituationFile-OLE_Microsoft-WordPad-Text-Converter-CVE-2010-2563
Comment: An attempt to exploit a vulnerability in Microsoft WordPad
Description: An attempt to exploit a vulnerability in Microsoft WordPad was detected. In particular, a suspicious document was seen.
References:
CVE-2010-2563
MS10-067
Back to top

MS10-065 Microsoft-IIS-Repeated-Parameter-Request-CVE-2010-1899

About this vulnerability: A vulnerability in Microsoft IIS
Risk: High
First detected in: sgpkg-ips-338-4219
Last changed: sgpkg-ips-545-5211
Platform: Windows
Software: IIS 5.1; IIS 6.0; IIS 7.0; IIS 7.5
Type: Input Validation
Description: There is a vulnerability in Microsoft Internet Information Services (IIS).
References:
CVE-2010-1899
MS10-065
Back to top

MS10-065 Microsoft-IIS-Repeated-Parameter-Request-Denial-Of-Service

About this vulnerability: Microsoft IIS crashes when sent malicious POST request with too many name-value pairs
Risk: High
First detected in: sgpkg-ips-344-4219
Last changed: sgpkg-ips-545-5211
Platform: Windows
Software: IIS
Type: Malfunction
Description: Microsoft IIS has a vulnerability which is due to stack exhaustion while processing HTTP request to ASP resources. A remote unauthenticated attacked can exploit this flaw by sending a POST request with too many name-value pairs.
SituationHTTP_CS-Large-Number-Of-Parameters-In-POST-Request
Comment: HTTP POST request contained a very large number of parameters
Description: There was a large number (one thousand or more) of parameters in an HTTP POST request. This could be a sign of a repeated parameter DoS or a hash collision DoS attack.
SituationHTTP_CRL-Too-Many-Parameters-In-GET-Request
Comment: HTTP GET request contained a very large number of parameters
Description: There was a large number of parameters in an HTTP GET request. This could be a sign of a repeated parameter DoS or a hash collision DoS attack.
References:
CVE-2010-1899
BID-43140
MS10-065
Back to top

MS10-065 Microsoft-IIS-Request-Header-Buffer-Overflow

About this vulnerability: A vulnerability in Microsoft Internet Information Services
Risk: Moderate
First detected in: sgpkg-ips-375-4219
Last changed: sgpkg-ips-558-5211
Platform: Windows
Software: IIS 7.5
Type: Buffer Overflow
Description: A code execution vulnerability exists in Microsoft Internet Information Services (IIS) when FastCGI is enabled. The vulnerability is due to a heap buffer overflow error when processing unexpected number of headers in an HTTP request. A remote unauthenticated attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to a target server. Successful exploitation would allow an attacker to inject and execute arbitrary code on the target system with the security privileges of the IIS Worker process. Unsuccessful exploitation could create a denial-of-service (DoS) condition when the service reaches its restart limit.
References:
CVE-2010-2730
BID-43138
MS10-065
Back to top

MS10-064 Microsoft-Exchange-Outlook-Compressed-RTF-Parsing-Memory-Corruption

About this vulnerability: Maliciously crafted email could comproise vulnerable Outlook client
Risk: High
First detected in: sgpkg-ips-339-4219
Last changed: sgpkg-ips-518-5211
Platform: Windows
Software: Microsoft Outlook
Type: Malfunction
Description: A vulnerability in compressed RTF parsing allows remote attacker to craft malicious emails that could contain automatically executed malcode when opened via Outlook
SituationE-Mail_Compressed-TNEF-RTF-Memory-Corruption
Comment: Detected a potential Outlook exploit
Description: An attempt to transfer an email containing potentially malicious TNEF content was detected.
SituationFile-Binary_Microsoft-Outlook-Compressed-TNEF-RTF-Memory-Corruption
Comment: Detected a potential Outlook exploit
Description: An attempt to transfer an email containing potentially malicious TNEF content was detected.
References:
CVE-2010-2728
MS10-064
Back to top

MS10-063 Microsoft-Products-Uniscribe-Font-Parsing-Engine-Memory-Corruption

About this vulnerability: A vulnerability in Microsoft Office
Risk: Moderate
First detected in: sgpkg-ips-401-4219
Last changed: sgpkg-ips-518-5211
Platform: Windows
Software: <os>
Type: Malfunction
Description: A code execution vulnerability exists in Microsoft Windows and Microsoft Office products. The vulnerability is due to improper input validation of a table in the TrueType font layout. This vulnerability may be exploited by remote attackers to execute arbitrary code on the target system by enticing a target user to open a maliciously crafted document. In situations where code execution is successful the injected code will run within the security context of the currently logged-on user.
SituationHTTP_SS-Microsoft-Products-Uniscribe-Font-Parsing-Engine-Memory-Corruption
Comment: An attempt to exploit a vulnerability in Microsoft Office detected
Description: A code execution vulnerability exists in Microsoft Windows and Microsoft Office products. The vulnerability is due to improper input validation of a table in the TrueType font layout. This vulnerability may be exploited by remote attackers to execute arbitrary code on the target system by enticing a target user to open a maliciously crafted document. In situations where code execution is successful the injected code will run within the security context of the currently logged-on user.
SituationFile-Binary_Microsoft-Products-Uniscribe-Font-Parsing-Engine-Memory-Corruption
Comment: An attempt to exploit a vulnerability in Microsoft Office detected
Description: A code execution vulnerability exists in Microsoft Windows and Microsoft Office products. The vulnerability is due to improper input validation of a table in the TrueType font layout. This vulnerability may be exploited by remote attackers to execute arbitrary code on the target system by enticing a target user to open a maliciously crafted document. In situations where code execution is successful the injected code will run within the security context of the currently logged-on user.
References:
CVE-2010-2738
BID-43068
MS10-063
Back to top

MS10-062 Windows-Media-Player-Remote-Code-Execution-CVE-2010-0818

About this vulnerability: A remote code execution vulnerability in Windows Media Player
Risk: Critical
First detected in: sgpkg-ips-340-4219
Last changed: sgpkg-ips-518-5211
Platform: Windows
Software: Windows Media Player
Type: Malfunction
Description: There is a remote code execution vulnerability in Windows Media Player.
SituationE-Mail_BS-Windows-Media-Player-Remote-Code-Execution-CVE-2010-0818
Comment: A malicious ASF file targeting CVE-2010-0818 detected as an e-mail attachment
Description: A malicious ASF file targeting CVE-2010-0818 has been detected as an e-mail attachment.
SituationHTTP_SS-Windows-Media-Player-Remote-Code-Execution-CVE-2010-0818
Comment: A malicious ASF file targeting CVE-2010-0818 over HTTP detected
Description: A malicious ASF file targeting CVE-2010-0818 over HTTP has been detected.
SituationFile-Binary_Windows-Media-Player-Remote-Code-Execution-CVE-2010-0818
Comment: A malicious ASF file targeting CVE-2010-0818 over HTTP detected
Description: A malicious ASF file targeting CVE-2010-0818 over HTTP has been detected.
References:
CVE-2010-0818
MS10-062
Back to top

MS10-061 Microsoft-Print-Service-Impersonation-CVE-2010-2729

About this vulnerability: A vulnerability in Microsoft Windows
Risk: High
First detected in: sgpkg-ips-338-4219
Last changed: sgpkg-ips-518-5211
Platform: Windows XP; Windows 2003; Windows Vista; Windows 2008; Windows 7
Software: <os>
Type: Input Validation
Description: There is a vulnerability in Microsoft Windows Print Spooler service.
SituationMSRPC-TCP_CPS-Microsoft-Print-Service-Impersonation-CVE-2010-2729
Comment: An attempt to exploit a vulnerability in Microsoft Print Spooler Service
Description: An attempt to exploit a vulnerability in Microsoft Windows was detected. In particular, a suspicious print spooler request was seen.
References:
CVE-2010-2729
BID-43073
OSVDB-67988
MS10-061
Back to top

MS10-060 Microsoft-Silverlight-Pointer-Handling-Memory-Corruption

About this vulnerability: Microsoft Silverlight Pointer Handling Memory Corruption
Risk: Critical
First detected in: sgpkg-ips-331-4219
Last changed: sgpkg-ips-518-5211
Platform: Generic
Software: Silverlight
Type: Malfunction
Description: A remote code execution vulnerability exists in Microsoft Silverlight. The vulnerability is due to a flaw in the way that Microsoft Silverlight handles pointers. Remote attackers can exploit this vulnerability by enticing target users to visit a malicious web page, potentially causing arbitrary code to be injected and executed on the target host. Successful exploitation could result in execution of arbitrary code on the vulnerable system in the context of the logged-on user. Additionally, the behaviour of the target machine is dependent on the intention of the malicious code. If such an attack is not executed successfully, the vulnerable application may terminate abnormally.
SituationHTTP_SS-Microsoft-Silverlight-Pointer-Handling-Memory-Corruption
Comment: Microsoft Silverlight memory corruption
Description: A malicious html document targeting Silverlight vulnerability CVE-2010-0019 has been detected.
SituationFile-Text_Microsoft-Silverlight-Pointer-Handling-Memory-Corruption
Comment: Microsoft Silverlight memory corruption
Description: A malicious html document targeting Silverlight vulnerability CVE-2010-0019 has been detected.
References:
CVE-2010-0019
MS10-060
Back to top

MS10-057 Microsoft-Office-Excel-Memory-Corruption-CVE-2010-2562

About this vulnerability: A memory corruption vulnerability in Microsoft Excel
Risk: High
First detected in: sgpkg-ips-328-4219
Last changed: sgpkg-ips-518-5211
Platform: Any Operating System
Software: Microsoft Office
Type: Malfunction
Description: There is a memory corruption vulnerability in Microsoft Excel.
SituationE-Mail_BS-Microsoft-Office-Excel-Memory-Corruption-CVE-2010-2562
Comment: A malicious Microsoft Excel document targeting CVE-2010-2562 detected as an e-mail attachment
Description: A malicious Microsoft Excel document targeting CVE-2010-2562 has been detected as an e-mail attachment.
SituationHTTP_SS-Microsoft-Office-Excel-Memory-Corruption-CVE-2010-2562
Comment: A malicious Microsoft Excel document targeting CVE-2010-2562 over HTTP detected
Description: A malicious Microsoft Excel document targeting CVE-2010-2562 over HTTP has been detected.
SituationFile-OLE_Microsoft-Office-Excel-Memory-Corruption-CVE-2010-2562
Comment: A malicious Microsoft Excel document targeting CVE-2010-2562 over HTTP detected
Description: A malicious Microsoft Excel document targeting CVE-2010-2562 over HTTP has been detected.
References:
CVE-2010-2562
MS10-057
Back to top

MS10-056 Microsoft-Office-Word-Sprmcmajority-Record-Buffer-Overflow

About this vulnerability: A vulnerability in Microsoft Office Compatibility Pack
Risk: High
First detected in: sgpkg-ips-378-4219
Last changed: sgpkg-ips-518-5211
Platform: Generic
Software: Microsoft Office Compatibility Pack; Microsoft Office 2004; Microsoft Office 2008; Microsoft Word; Microsoft Open XML File Format Converter; Microsoft Works
Type: Buffer Overflow
Description: A stack buffer overflow vulnerability exists in Microsoft Office Word. The vulnerability is due to a boundary error when handling a malformed sprmCMajority record within Microsoft Office documents. This vulnerability may be exploited by remote attackers to execute arbitrary code on the target system by enticing a user to open a maliciously crafted file. In situations where code execution is successful the injected code will run within the security context of the currently logged in user. If code execution fails, the vulnerable application may terminate abnormally.
SituationHTTP_SS-Microsoft-Office-Word-Sprmcmajority-Record-Buffer-Overflow
Comment: An attempt to exploit a vulnerability in Microsoft Office Compatibility Pack detected
Description: A stack buffer overflow vulnerability exists in Microsoft Office Word.
SituationFile-OLE_Microsoft-Office-Word-Sprmcmajority-Record-Buffer-Overflow
Comment: An attempt to exploit a vulnerability in Microsoft Office Compatibility Pack detected
Description: A stack buffer overflow vulnerability exists in Microsoft Office Word.
References:
CVE-2010-1900
BID-42136
MS10-056
Back to top

MS10-056 Microsoft-Word-HTML-Linked-Objects-Memory-Corruption-CVE-2010-1903

About this vulnerability: A memory corruption vulnerability in Microsoft Word
Risk: High
First detected in: sgpkg-ips-329-4219
Last changed: sgpkg-ips-518-5211
Platform: Windows
Software: Microsoft Office
Type: Buffer Overflow
Description: There is a memory corruption vulnerability in Microsoft Word.
SituationE-Mail_BS-Microsoft-Word-HTML-Linked-Objects-Memory-Corruption-CVE-2010-1903
Comment: A malicious Word document targeting CVE-2010-1903 detected as an e-mail attachment
Description: A malicious Word document targeting CVE-2010-1903 has been detected as an e-mail attachment.
SituationHTTP_SS-Microsoft-Word-HTML-Linked-Objects-Memory-Corruption-CVE-2010-1903
Comment: A malicious Word document targeting CVE-2010-1903 over HTTP detected
Description: A malicious Word document targeting CVE-2010-1903 over HTTP has been detected.
SituationFile-OLE_Microsoft-Word-HTML-Linked-Objects-Memory-Corruption-CVE-2010-1903
Comment: A malicious Word document targeting CVE-2010-1903 over HTTP detected
Description: A malicious Word document targeting CVE-2010-1903 over HTTP has been detected.
References:
CVE-2010-1903
MS10-056
Back to top

MS10-056 Microsoft-Word-RTF-Parsing-Buffer-Overflow-CVE-2010-1902

About this vulnerability: A memory corruption vulnerability in Microsoft Word
Risk: High
First detected in: sgpkg-ips-328-4219
Last changed: sgpkg-ips-518-5211
Platform: Windows
Software: Microsoft Office
Type: Buffer Overflow
Description: There is a memory corruption vulnerability in Microsoft Word.
SituationE-Mail_BS-Microsoft-Word-RTF-Parsing-Buffer-Overflow-CVE-2010-1902
Comment: A malicious RTF document targeting CVE-2010-1902 detected as an e-mail attachment
Description: A malicious RTF document targeting CVE-2010-1902 has been detected as an e-mail attachment.
SituationHTTP_SS-Microsoft-Word-RTF-Parsing-Buffer-Overflow-CVE-2010-1902
Comment: A malicious RTF document targeting CVE-2010-1902 over HTTP detected
Description: A malicious RTF document targeting CVE-2010-1902 over HTTP has been detected.
SituationFile-RTF_Microsoft-Word-RTF-Parsing-Buffer-Overflow-CVE-2010-1902
Comment: A malicious RTF document targeting CVE-2010-1902 over HTTP detected
Description: A malicious RTF document targeting CVE-2010-1902 over HTTP has been detected.
References:
CVE-2010-1902
MS10-056
Back to top

MS10-056 Microsoft-Word-RTF-Parsing-Engine-Memory-Corruption-CVE-2010-1901

About this vulnerability: A memory corruption vulnerability in Microsoft Word
Risk: High
First detected in: sgpkg-ips-328-4219
Last changed: sgpkg-ips-518-5211
Platform: Windows
Software: Microsoft Office
Type: Malfunction
Description: There is a memory corruption vulnerability in Microsoft Word.
SituationE-Mail_BS-Microsoft-Word-RTF-Parsing-Engine-Memory-Corruption-CVE-2010-1901
Comment: A malicious RTF document targeting CVE-2010-1901 detected as an e-mail attachment
Description: A malicious RTF document targeting CVE-2010-1901 has been detected as an e-mail attachment.
SituationHTTP_SS-Microsoft-Word-RTF-Parsing-Engine-Memory-Corruption-CVE-2010-1901
Comment: A malicious RTF document targeting CVE-2010-1901 over HTTP detected
Description: A malicious RTF document targeting CVE-2010-1901 over HTTP has been detected.
SituationFile-RTF_Microsoft-Word-RTF-Parsing-Engine-Memory-Corruption-CVE-2010-1901
Comment: A malicious RTF document targeting CVE-2010-1901 over HTTP detected
Description: A malicious RTF document targeting CVE-2010-1901 over HTTP has been detected.
References:
CVE-2010-1901
MS10-056
Back to top

MS10-055 Microsoft-Windows-Cinepak-Codec-Code-Execution

About this vulnerability: A vulnerability in Microsoft Windows
Risk: High
First detected in: sgpkg-ips-378-4219
Last changed: sgpkg-ips-518-5211
Platform: Windows
Software: <os>
Type: Malfunction
Description: A remote code execution vulnerability exists in the Microsoft Windows Cinepak Codec.
SituationHTTP_SS-Microsoft-Windows-Cinepak-Codec-Code-Execution
Comment: An attempt to exploit a vulnerability in Microsoft Windows detected
Description: A remote code execution vulnerability exists in the Microsoft Windows Cinepak Codec.
SituationFile-RIFF_Microsoft-Windows-Cinepak-Codec-Code-Execution
Comment: An attempt to exploit a vulnerability in Microsoft Windows detected
Description: A remote code execution vulnerability exists in the Microsoft Windows Cinepak Codec.
References:
CVE-2010-2553
BID-42256
MS10-055
Back to top

MS10-054 SMB-Pool-Overflow-MS10-054

About this vulnerability: A memory corruption vulnerability in Samba
Risk: Critical
First detected in: sgpkg-ips-328-4219
Last changed: sgpkg-ips-545-5211
Platform: Windows
Software: <os>
Type: Malfunction
Description: There is a memory corruption vulnerability in SMB Server. A remote unauthenticated attacker can exploit this vulnerability by specifying a malicious request to compromise the vulnerable system.
SituationSMB-TCP_CHS-SMB-Server-Pool-Overflow-MS10-054
Comment: An attempt to exploit a memory corruption vulnerability in SMB Server detected
Description: A possible attempt to exploit a memory corruption vulnerability in SMB Server has been detected.
SituationSMB-TCP_CHS-SMB-Server-Pool-Overflow-MS10-054-2
Comment: An attempt to exploit a memory corruption vulnerability in SMB Server detected
Description: A possible attempt to exploit a memory corruption vulnerability in SMB Server has been detected.
References:
CVE-2010-2550
MS10-054
Back to top

MS10-053 Internet-Explorer-Uninitialized-Memory-Corruption-CVE-2010-2557

About this vulnerability: A memory corruption vulnerability in Microsoft Internet Explorer
Risk: Critical
First detected in: sgpkg-ips-330-4219
Last changed: sgpkg-ips-518-5211
Platform: Windows
Software: Internet Explorer
Type: Malfunction
Description: There is a memory corruption vulnerability in Microsoft Internet Explorer. By enticing a target user to visit a malicious web page, an attacker can execute arbitrary code with the privileges of the logged in user.
SituationHTTP_SS-Internet-Explorer-Uninitialized-Memory-Corruption-CVE-2010-2557
Comment: An attempt to exploit a memory corruption vulnerability in Microsoft Internet Explorer detected
Description: An attempt to exploit a memory corruption vulnerability in Microsoft Internet Explorer has been detected.
SituationFile-Text_Internet-Explorer-Uninitialized-Memory-Corruption-CVE-2010-2557
Comment: An attempt to exploit a memory corruption vulnerability in Microsoft Internet Explorer detected
Description: An attempt to exploit a memory corruption vulnerability in Microsoft Internet Explorer has been detected.
References:
CVE-2010-2557
MS10-053
Back to top

MS10-053 Internet-Explorer-Uninitialized-Memory-Corruption-CVE-2010-2559

About this vulnerability: A memory corruption vulnerability in Microsoft Internet Explorer
Risk: Critical
First detected in: sgpkg-ips-330-4219
Last changed: sgpkg-ips-518-5211
Platform: Windows
Software: Internet Explorer
Type: Malfunction
Description: There is a memory corruption vulnerability in Microsoft Internet Explorer. By enticing a target user to visit a malicious web page, an attacker can execute arbitrary code with the privileges of the logged in user.
SituationHTTP_SS-Internet-Explorer-Uninitialized-Memory-Corruption-CVE-2010-2559
Comment: An attempt to exploit a memory corruption vulnerability in Microsoft Internet Explorer detected
Description: An attempt to exploit a memory corruption vulnerability in Microsoft Internet Explorer has been detected.
SituationFile-Text_Internet-Explorer-Uninitialized-Memory-Corruption-CVE-2010-2559
Comment: An attempt to exploit a memory corruption vulnerability in Microsoft Internet Explorer detected
Description: An attempt to exploit a memory corruption vulnerability in Microsoft Internet Explorer has been detected.
References:
CVE-2010-2559
MS10-053
Back to top

MS10-053 Microsoft-Internet-Explorer-HTML-Layout-Memory-Corruption-CVE-2010-2560

About this vulnerability: A memory corruption vulnerability in Microsoft Internet Explorer
Risk: Critical
First detected in: sgpkg-ips-329-4219
Last changed: sgpkg-ips-518-5211
Platform: Windows
Software: Internet Explorer
Type: Malfunction
Description: There is a memory corruption vulnerability in Microsoft Internet Explorer. By enticing a target user to visit a malicious web page, an attacker can execute arbitrary code with the privileges of the logged in user.
SituationHTTP_SS-Microsoft-Internet-Explorer-HTML-Layout-Memory-Corruption-CVE-2010-2560
Comment: An attempt to exploit a memory corruption vulnerability in Microsoft Internet Explorer detected
Description: An attempt to exploit a memory corruption vulnerability in Microsoft Internet Explorer has been detected.
SituationFile-Text_Microsoft-Internet-Explorer-HTML-Layout-CVE-2010-2560
Comment: An attempt to exploit a memory corruption vulnerability in Microsoft Internet Explorer detected
Description: An attempt to exploit a memory corruption vulnerability in Microsoft Internet Explorer has been detected.
References:
CVE-2010-2560
MS10-053
Back to top

MS10-052 Microsoft-DirectShow-MPEG-Layer-3-Audio-Decoder-Memory-Corruption

About this vulnerability: A vulnerability in Microsoft Windows
Risk: Moderate
First detected in: sgpkg-ips-415-4219
Last changed: sgpkg-ips-518-5211
Platform: Windows
Software: <os>
Type: Malfunction
Description: A code execution vulnerability has been reported in Microsoft DirectShow MPEG Layer-3 Audio Decoder. The vulnerability is due to memory corruption while decoding specially crafted media files. An attacker can exploit this vulnerability by enticing a user to process a malicious audio file. This can lead to memory corruption and the possibility of code execution in the context of the logged in user.
SituationFile-Binary_Microsoft-DirectShow-MPEG-Layer-3-Audio-Decoder-Memory-Corruption
Comment: An attempt to exploit a vulnerability in Microsoft Windows detected
Description: A code execution vulnerability has been reported in Microsoft DirectShow MPEG Layer-3 Audio Decoder. The vulnerability is due to memory corruption while decoding specially crafted media files. An attacker can exploit this vulnerability by enticing a user to process a malicious audio file. This can lead to memory corruption and the possibility of code execution in the context of the logged in user.
References:
CVE-2010-1882
MS10-052
Back to top

MS10-051 Microsoft-XML-Core-Services-Memory-Corruption-CVE-2010-2561

About this vulnerability: A memory corruption vulnerability in Microsoft XML Core Services
Risk: Critical
First detected in: sgpkg-ips-331-4219
Last changed: sgpkg-ips-518-5211
Platform: Windows
Software: <os>
Type: Malfunction
Description: There is a memory corruption vulnerability in Microsoft XML Core Services. By enticing a target user to visit a malicious web page, an attacker can execute arbitrary code with the privileges of the logged in user.
SituationHTTP_SS-Core-Services-Memory-Corruption-CVE-2010-2561
Comment: An attempt to exploit a memory corruption vulnerability in Microsoft XML Core Services detected
Description: An attempt to exploit a memory corruption vulnerability in Microsoft XML Core Services has been detected.
SituationHTTP_SHS-Core-Services-Memory-Corruption-CVE-2010-2561
Comment: An attempt to exploit a memory corruption vulnerability in Microsoft XML Core Services detected
Description: An attempt to exploit a memory corruption vulnerability in Microsoft XML Core Services has been detected.
References:
CVE-2010-2561
MS10-051
Back to top

MS10-050 Microsoft-Windows-Movie-Maker-Mediaclipstring-Buffer-Overflow

About this vulnerability: A vulnerability in Microsoft Windows Movie Maker
Risk: Moderate
First detected in: sgpkg-ips-384-4219
Last changed: sgpkg-ips-518-5211
Platform: Windows
Software: Microsoft Windows Movie Maker;
Type: Buffer Overflow
Description: A buffer overflow vulnerability exists in Microsoft Windows Movie Maker. The flaw is due to a boundary error in the way the affected product handles specially crafted MediaClipString data in a Movie Maker project file. A remote attacker can leverage this vulnerability by enticing a target user to open a malicious project file (.MSWMM). A successful attack can result in the injection and execution of arbitrary code on a target system. The resulting code would execute within the security context of the logged in user. In an unsuccessful attack, the affected application may abnormally terminate.
SituationHTTP_SS-Microsoft-Windows-Movie-Maker-Mediaclipstring-Buffer-Overflow
Comment: An attempt to exploit a vulnerability in Microsoft Windows Movie Maker detected
Description: A buffer overflow vulnerability exists in Microsoft Windows Movie Maker. The flaw is due to a boundary error in the way the affected product handles specially crafted MediaClipString data in a Movie Maker project file. A remote attacker can leverage this vulnerability by enticing a target user to open a malicious project file (.MSWMM). A successful attack can result in the injection and execution of arbitrary code on a target system. The resulting code would execute within the security context of the logged in user. In an unsuccessful attack, the affected application may abnormally terminate.
SituationFile-OLE_Microsoft-Windows-Movie-Maker-Mediaclipstring-Buffer-Overflow
Comment: An attempt to exploit a vulnerability in Microsoft Windows Movie Maker detected
Description: A buffer overflow vulnerability exists in Microsoft Windows Movie Maker. The flaw is due to a boundary error in the way the affected product handles specially crafted MediaClipString data in a Movie Maker project file. A remote attacker can leverage this vulnerability by enticing a target user to open a malicious project file (.MSWMM). A successful attack can result in the injection and execution of arbitrary code on a target system. The resulting code would execute within the security context of the logged in user. In an unsuccessful attack, the affected application may abnormally terminate.
References:
CVE-2010-2564
BID-42268
MS10-050
Back to top

MS10-046 Windows-Shell-Shortcut-Arbitrary-Code-Execution

About this vulnerability: Vulnerability in Microsoft Windows
Risk: High
First detected in: sgpkg-ips-323-4219
Last changed: sgpkg-ips-545-5211
Platform: Windows
Software: <os>
Type: Malfunction
Description: There is a vulnerability in Windows Shell, a component of Microsoft Windows.
SituationHTTP_SS-Windows-Shell-Shortcut-Arbitrary-Code-Execution
Comment: Attempt to exploit a vulnerability in Microsoft Windows
Description: An attempt to exploit a vulnerability in Microsoft Windows was detected. In particular, a file with suspicious characterstics was seen.
SituationSMB-TCP_FR-Windows-Shell-Shortcut-Arbitrary-Code-Execution
Comment: Attempt to exploit a vulnerability in Microsoft Windows
Description: An attempt to exploit a vulnerability in Microsoft Windows was detected. In particular, a file with suspicious characterstics was seen.
SituationSMB-TCP_FW-Windows-Shell-Shortcut-Arbitrary-Code-Execution
Comment: Attempt to exploit a vulnerability in Microsoft Windows
Description: An attempt to exploit a vulnerability in Microsoft Windows was detected. In particular, a file with suspicious characterstics was seen.
SituationFile-Binary_Windows-Shell-Shortcut-Arbitrary-Code-Execution
Comment: Attempt to exploit a vulnerability in Microsoft Windows
Description: An attempt to exploit a vulnerability in Microsoft Windows was detected. In particular, a file with suspicious characterstics was seen.
SituationFile-Binary_Windows-LNK-File-Transfer
Comment: Transfer of a Windows LNK file detected
Description: Transfer of a Window LNK file (file shortcut) has been detected. This can be considered an unusual event and it may be an attempt to exploit a vulnerability in Windows.
SituationFile-Binary_Windows-Control-Panel-Applet-Shortcut-File-Transfer
Comment: Transfer of a Windows Control Panel Applet shortcut file detected
Description: Transfer of a Window shortcut file (.LNK) that points to a Control Panel Applet has been detected. This can be considered an unusual event and it may be an attempt to exploit a vulnerability in Windows.
References:
CVE-2010-2568
BID-41732
MS10-046
Back to top

MS10-045 Microsoft-Outlook-SMB-Attachment

About this vulnerability: A vulnerability in Microsoft Outlook
Risk: High
First detected in: sgpkg-ips-321-4219
Last changed: sgpkg-ips-545-5211
Platform: Windows
Software: Microsoft Outlook
Type: Input Validation
Description: There is a vulnerability in Microsoft Outlook.
SituationE-Mail_BS-Microsoft-Outlook-SMB-Attachment
Comment: An attempt to exploit a vulnerability in Microsoft Outlook
Description: An attempt to exploit a vulnerability in Microsoft Outlook was detected. In particular, a suspicious message was seen.
SituationE-Mail_BS-Microsoft-Outlook-SMB-Msg-Attachment
Comment: An attempt to exploit a vulnerability in Microsoft Outlook
Description: An attempt to exploit a vulnerability in Microsoft Outlook was detected. In particular, a suspicious message was seen.
SituationHTTP_SS-Microsoft-Outlook-SMB-Msg-Attachment
Comment: An attempt to exploit a vulnerability in Microsoft Outlook
Description: An attempt to exploit a vulnerability in Microsoft Outlook was detected. In particular, a suspicious message was seen.
SituationFile-OLE_Microsoft-Outlook-SMB-Msg-Attachment
Comment: An attempt to exploit a vulnerability in Microsoft Outlook
Description: An attempt to exploit a vulnerability in Microsoft Outlook was detected. In particular, a suspicious message was seen.
SituationFile-Binary_Microsoft-Outlook-SMB-Attachment
Comment: An attempt to exploit a vulnerability in Microsoft Outlook
Description: An attempt to exploit a vulnerability in Microsoft Outlook was detected. In particular, a suspicious message was seen.
References:
CVE-2010-0266
MS10-045
Back to top

MS10-044 Microsoft-Access-Wizard-ActiveX-Control-Memory-Corruption

About this vulnerability: A vulnerability in Microsoft Office Access
Risk: High
First detected in: sgpkg-ips-377-4219
Last changed: sgpkg-ips-545-5211
Platform: Windows
Software: Microsoft Office Access; Microsoft Office
Type: Malfunction
Description: A memory corruption vulnerability exists in Microsoft Access Wizard ActiveX Control.
SituationHTTP_SS-Microsoft-Access-Wizard-ActiveX-Control-Memory-Corruption
Comment: An attempt to exploit a vulnerability in Microsoft Office Access detected
Description: A memory corruption vulnerability exists in Microsoft Access Wizard ActiveX Control.
SituationFile-OLE_Microsoft-Access-Wizard-ActiveX-Control-Memory-Corruption
Comment: An attempt to exploit a vulnerability in Microsoft Office Access detected
Description: A memory corruption vulnerability exists in Microsoft Access Wizard ActiveX Control.
SituationFile-Text_Microsoft-Access-Wizard-ActiveX-Control-Memory-Corruption
Comment: An attempt to exploit a vulnerability in Microsoft Office Access detected
Description: A memory corruption vulnerability exists in Microsoft Access Wizard ActiveX Control.
References:
CVE-2010-1881
BID-41442
MS10-044
Back to top

MS10-044 Microsoft-Office-Access-ActiveX-Control-Memory-Corruption-CVE-2010-0814

About this vulnerability: A memory corruption vulnerability in Microsoft Office Access ActiveX Control
Risk: High
First detected in: sgpkg-ips-321-4219
Last changed: sgpkg-ips-518-5211
Platform: Windows
Software: Microsoft Office
Type: Malfunction
Description: There is a memory corruption vulnerability in Microsoft Office Access ActiveX Control. By enticing a target user to visit a malicious web page, an attacker can execute arbitrary code with the privileges of the logged in user.
SituationHTTP_SS-Microsoft-Office-Access-ActiveX-Control-Memory-Corruption-CVE-2010-0814
Comment: An attempt to exploit a memory corruption vulnerability in Microsoft Office Access ActiveX Control detected
Description: An attempt to exploit a memory corruption vulnerability in Microsoft Office Access ActiveX Control has been detected.
SituationFile-Text_Microsoft-Office-Access-ActiveX-Memory-Corruption-CVE-2010-0814
Comment: An attempt to exploit a memory corruption vulnerability in Microsoft Office Access ActiveX Control detected
Description: An attempt to exploit a memory corruption vulnerability in Microsoft Office Access ActiveX Control has been detected.
References:
CVE-2010-0814
MS10-044
Back to top

MS10-042 Microsoft-Help-Centre-Malformed-Escape-Sequence

About this vulnerability: A vulnerability in Microsoft Help Centre
Risk: High
First detected in: sgpkg-ips-312-4219
Last changed: sgpkg-ips-545-5211
Platform: Windows
Software: <os>
Type: Input Validation
Description: There is a vulnerability in the Microsoft Windows Help Centre protocol handler (HPC). The protocol handler does not process invalid escape sequences correctly, allowing execution of arbitrary code in the context of the current user.
SituationHTTP_SS-Microsoft-Help-Centre-Protocol-Access
Comment: An attempt to use Microsoft's Centre Help Protocol handler was detected
Description: An attempt to use the Microsoft Windows Help Centre protocol handler (HPC), included in the Microsoft Windows operating system was detected. Use of this protocol in traffic from untrusted sources may indicate an attack.
SituationHTTP_SS-Microsoft-Help-Centre-Malformed-Escape-Sequence
Comment: An attempt to exploit a vulnerability in Microsoft's Help Centre Protocol handler was detected
Description: An attempt to exploit a vulnerability in the Microsoft Windows Help Centre protocol handler (HPC). In particular, a suspicious URI was seen.
SituationFile-Text_Microsoft-Help-Centre-Protocol-Access
Comment: An attempt to use Microsoft's Centre Help Protocol handler was detected
Description: An attempt to use the Microsoft Windows Help Centre protocol handler (HPC), included in the Microsoft Windows operating system was detected. Use of this protocol in traffic from untrusted sources may indicate an attack.
SituationFile-Text_Microsoft-Help-Centre-Malformed-Escape-Sequence
Comment: An attempt to exploit a vulnerability in Microsoft's Help Centre Protocol handler was detected
Description: An attempt to exploit a vulnerability in the Microsoft Windows Help Centre protocol handler (HPC). In particular, a suspicious URI was seen.
SituationFile-Text_Microsoft-Help-Centre-Code-Execution
Comment: An attempt to exploit a vulnerability in Microsoft's Help Centre Protocol handler was detected
Description: An attempt to exploit a vulnerability in the Microsoft Windows Help Centre protocol handler (HPC). In particular, a suspicious URI was seen.
References:
CVE-2010-1885
BID-40725
MS10-042
Back to top

MS10-039, MS10-035 Microsoft-Internet-Explorer-toStaticHTML-Cross-Site-Scripting

About this vulnerability: A cross site scripting vulnerability in Microsoft Internet Explorer
Risk: Moderate
First detected in: sgpkg-ips-327-4219
Last changed: sgpkg-ips-518-5211
Platform: Windows
Software: Internet Explorer
Type: Cross-site Scripting
Description: There is a cross site scripting vulnerability in Microsoft Internet Explorer. By enticing the target user to view a web page that uses the "toStaticHTML" method maliciously, a remote attacker can disclose sensitive information or execute arbitrary script code within the context of the target user's browser.
SituationHTTP_SS-Microsoft-Internet-Explorer-toStaticHTML-Cross-Site-Scripting
Comment: An attempt to exploit a cross site scripting vulnerability in Microsoft Internet Explorer detected
Description: An attempt to exploit a cross site scripting vulnerability in Microsoft Internet Explorer has been detected.
SituationFile-Text_Microsoft-Internet-Explorer-toStaticHTML-Cross-Site-Scripting
Comment: An attempt to exploit a cross site scripting vulnerability in Microsoft Internet Explorer detected
Description: An attempt to exploit a cross site scripting vulnerability in Microsoft Internet Explorer has been detected.
References:
CVE-2010-1257
BID-40409
OSVDB-65211
MS10-039
MS10-035
Back to top

MS10-039 Microsoft-Office-Sharepoint-Server-help.aspx-Cross-Site-Scripting

About this vulnerability: A cross-site scripting vulnerability in Microsoft Office SharePoint Server
Risk: Moderate
First detected in: sgpkg-ips-303-4219
Last changed: sgpkg-ips-545-5211
Platform: Windows
Software: Microsoft Office SharePoint Server
Type: Cross-site Scripting
Description: There is a cross-site scripting vulnerability in Microsoft Office SharePoint Server. A remote attacker can exploit this vulnerability by embedding malicious HTML or script code as a part of a URL, to be executed in the target user's browser with the privileges of the website.
SituationHTTP_CRL-Microsoft-Office-Sharepoint-Server-help.aspx-Cross-Site-Scripting
Comment: An attempt to exploit a cross-site scripting vulnerability in Microsoft Office SharePoint Server detected
Description: An attempt to exploit a cross-site scripting vulnerability in Microsoft Office SharePoint Server has been detected.
References:
CVE-2010-0817
BID-39776
MS10-039
Back to top

MS10-039 Microsoft-Sharepoint-Server-help.aspx-Denial-Of-Service

About this vulnerability: A vulnerability in Microsoft Windows Sharepoint Services
Risk: Moderate
First detected in: sgpkg-ips-317-4219
Last changed: sgpkg-ips-545-5211
Platform: Windows
Software: Microsoft Office SharePoint Server
Type: Malfunction
Description: A denial of service vulnerability exists in Microsoft Office SharePoint. The flaw is due to the way that the affected product handles maliciously crafted requests sent to the Help.aspx page. A remote attacker can exploit this vulnerability to cause a denial of service condition by sending consecutive number of requests. Successful exploitation would cause the Microsoft Office SharePoint server to become unresponsive until an administrator manually restarts the application pool, and thus causing a denial of service condition.
SituationHTTP_CSU-Microsoft-Sharepoint-Server-help.aspx-Denial-Of-Service
Comment: An attempt to exploit a vulnerability in Microsoft Windows Sharepoint Services detected
Description: A denial of service vulnerability exists in Microsoft Office SharePoint. The flaw is due to the way that the affected product handles maliciously crafted requests sent to the Help.aspx page. A remote attacker can exploit this vulnerability to cause a denial of service condition by sending consecutive number of requests. Successful exploitation would cause the Microsoft Office SharePoint server to become unresponsive until an administrator manually restarts the application pool, and thus causing a denial of service condition.
References:
CVE-2010-1264
BID-40559
MS10-039
Back to top

MS10-038 Excel-Memory-Corruption-CVE-2010-0823

About this vulnerability: A memory corruption vulnerability in Microsoft Excel
Risk: High
First detected in: sgpkg-ips-312-4219
Last changed: sgpkg-ips-518-5211
Platform: Any Operating System
Software: Microsoft Office
Type: Malfunction
Description: There is a memory corruption vulnerability in Microsoft Excel.
SituationE-Mail_BS-Excel-Memory-Corruption-CVE-2010-0823
Comment: A malicious Microsoft Excel document targeting CVE-2010-0823 detected as an e-mail attachment
Description: A malicious Microsoft Excel document targeting CVE-2010-0823 has been detected as an e-mail attachment.
SituationHTTP_SS-Excel-Memory-Corruption-CVE-2010-0823
Comment: A malicious Microsoft Excel document targeting CVE-2010-0823 over HTTP detected
Description: A malicious Microsoft Excel document targeting CVE-2010-0823 over HTTP has been detected.
SituationFile-OLE_Excel-Memory-Corruption-CVE-2010-0823
Comment: A malicious Microsoft Excel document targeting CVE-2010-0823 over HTTP detected
Description: A malicious Microsoft Excel document targeting CVE-2010-0823 over HTTP has been detected.
References:
CVE-2010-0823
OSVDB-65233
MS10-038
Back to top

MS10-038 Microsoft-Excel-ExternName-Record-Parsing-Buffer-Overflow-CVE-2010-1249

About this vulnerability: A memory corruption vulnerability in Microsoft Excel
Risk: High
First detected in: sgpkg-ips-320-4219
Last changed: sgpkg-ips-518-5211
Platform: Any Operating System
Software: Microsoft Office
Type: Malfunction
Description: There is a memory corruption vulnerability in Microsoft Excel.
SituationE-Mail_BS-Excel-ExternName-Record-Parsing-Buffer-Overflow-CVE-2010-1249
Comment: A malicious Microsoft Excel document targeting CVE-2010-1249 detected as an e-mail attachment
Description: A malicious Microsoft Excel document targeting CVE-2010-1249 has been detected as an e-mail attachment.
SituationHTTP_SS-Microsoft-Excel-ExternName-Record-Parsing-Buffer-Overflow-CVE-2010-1249
Comment: A malicious Microsoft Excel document targeting CVE-2010-1249 over HTTP detected
Description: A malicious Microsoft Excel document targeting CVE-2010-1249 over HTTP has been detected.
SituationFile-OLE_Microsoft-Excel-ExternName-Record-Parsing-Buffer-Overflow-CVE-2010-1249
Comment: A malicious Microsoft Excel document targeting CVE-2010-1249 over HTTP detected
Description: A malicious Microsoft Excel document targeting CVE-2010-1249 over HTTP has been detected.
References:
CVE-2010-1249
BID-40527
OSVDB-65232
MS10-038
Back to top

MS10-038 Microsoft-Excel-SxView-Record-Parsing-Memory-Corruption-CVE-2010-0821

About this vulnerability: A memory corruption vulnerability in Microsoft Excel
Risk: High
First detected in: sgpkg-ips-320-4219
Last changed: sgpkg-ips-518-5211
Platform: Any Operating System
Software: Microsoft Office
Type: Malfunction
Description: There is a memory corruption vulnerability in Microsoft Excel.
SituationE-Mail_BS-Microsoft-Excel-SxView-Record-Parsing-Memory-Corruption-CVE-2010-0821
Comment: A malicious Microsoft Excel document targeting CVE-2010-0821 detected as an e-mail attachment
Description: A malicious Microsoft Excel document targeting CVE-2010-0821 has been detected as an e-mail attachment.
SituationHTTP_SS-Microsoft-Excel-SxView-Record-Parsing-Memory-Corruption-CVE-2010-0821
Comment: A malicious Microsoft Excel document targeting CVE-2010-0821 over HTTP detected
Description: A malicious Microsoft Excel document targeting CVE-2010-0821 over HTTP has been detected.
SituationFile-OLE_Microsoft-Excel-SxView-Record-Parsing-Memory-Corruption-CVE-2010-0821
Comment: A malicious Microsoft Excel document targeting CVE-2010-0821 over HTTP detected
Description: A malicious Microsoft Excel document targeting CVE-2010-0821 over HTTP has been detected.
References:
CVE-2010-0821
BID-40518
OSVDB-65227
MS10-038
Back to top

MS10-038 Microsoft-Office-Excel-ADO-Object-Parsing-Code-Execution

About this vulnerability: A vulnerability in Microsoft Excel
Risk: Moderate
First detected in: sgpkg-ips-401-4219
Last changed: sgpkg-ips-518-5211
Platform: Windows
Software: Microsoft Excel; Microsoft Excel Viewer; Microsoft Office
Type: Malfunction
Description: A code execution vulnerability exists in Microsoft Office Excel. The vulnerability is due to the way the vulnerable product parses Excel documents that contain malformed ADO Objects, allowing for memory corruption. Remote attackers can exploit this vulnerability by enticing target users to open a malicious Excel file, potentially causing arbitrary code to be injected and executed in the security context of the current logged on user. In an attack scenario, where arbitrary code is injected and executed on the target machine, the behaviour of the target is dependent on the intention of the malicious code. If such an attack is not executed successfully, the vulnerable application may terminate abnormally.
SituationHTTP_SS-Microsoft-Office-Excel-ADO-Object-Parsing-Code-Execution
Comment: An attempt to exploit a vulnerability in Microsoft Excel detected
Description: A code execution vulnerability exists in Microsoft Office Excel. The vulnerability is due to the way the vulnerable product parses Excel documents that contain malformed ADO Objects, allowing for memory corruption. Remote attackers can exploit this vulnerability by enticing target users to open a malicious Excel file, potentially causing arbitrary code to be injected and executed in the security context of the current logged on user. In an attack scenario, where arbitrary code is injected and executed on the target machine, the behaviour of the target is dependent on the intention of the malicious code. If such an attack is not executed successfully, the vulnerable application may terminate abnormally.
SituationFile-OLE_Microsoft-Office-Excel-ADO-Object-Parsing-Code-Execution
Comment: An attempt to exploit a vulnerability in Microsoft Excel detected
Description: A code execution vulnerability exists in Microsoft Office Excel. The vulnerability is due to the way the vulnerable product parses Excel documents that contain malformed ADO Objects, allowing for memory corruption. Remote attackers can exploit this vulnerability by enticing target users to open a malicious Excel file, potentially causing arbitrary code to be injected and executed in the security context of the current logged on user. In an attack scenario, where arbitrary code is injected and executed on the target machine, the behaviour of the target is dependent on the intention of the malicious code. If such an attack is not executed successfully, the vulnerable application may terminate abnormally.
References:
CVE-2010-1253
BID-40531
OSVDB-65228
MS10-038
Back to top

MS10-038 Microsoft-Office-Excel-Hfpicture-Record-Buffer-Overflow

About this vulnerability: A vulnerability in Microsoft Excel
Risk: Moderate
First detected in: sgpkg-ips-384-4219
Last changed: sgpkg-ips-518-5211
Platform: Windows
Software: Microsoft Excel 2002; Microsoft Office 2004; Microsoft Office XP
Type: Buffer Overflow
Description: A buffer overflow vulnerability exists in Microsoft Office Excel products. The vulnerability is due to improper parsing of an Excel file that includes a malformed HFPicture record. Remote attackers can exploit this vulnerability by enticing target users to open a malicious Excel file, potentially causing arbitrary code to be injected and executed in the security context of the current user. In an attack scenario, where arbitrary code is injected and executed on the target machine, the behaviour of the target is dependent on the intention of the malicious code. If such an attack is not executed successfully, the vulnerable application may terminate as a result of invalid memory access.
SituationHTTP_SS-Microsoft-Office-Excel-Hfpicture-Record-Buffer-Overflow
Comment: An attempt to exploit a vulnerability in Microsoft Excel detected
Description: A buffer overflow vulnerability exists in Microsoft Office Excel products. The vulnerability is due to improper parsing of an Excel file that includes a malformed HFPicture record. Remote attackers can exploit this vulnerability by enticing target users to open a malicious Excel file, potentially causing arbitrary code to be injected and executed in the security context of the current user. In an attack scenario, where arbitrary code is injected and executed on the target machine, the behaviour of the target is dependent on the intention of the malicious code. If such an attack is not executed successfully, the vulnerable application may terminate as a result of invalid memory access.
SituationFile-OLE_Microsoft-Office-Excel-Hfpicture-Record-Buffer-Overflow
Comment: An attempt to exploit a vulnerability in Microsoft Excel detected
Description: A buffer overflow vulnerability exists in Microsoft Office Excel products. The vulnerability is due to improper parsing of an Excel file that includes a malformed HFPicture record. Remote attackers can exploit this vulnerability by enticing target users to open a malicious Excel file, potentially causing arbitrary code to be injected and executed in the security context of the current user. In an attack scenario, where arbitrary code is injected and executed on the target machine, the behaviour of the target is dependent on the intention of the malicious code. If such an attack is not executed successfully, the vulnerable application may terminate as a result of invalid memory access.
References:
CVE-2010-1248
BID-40526
OSVDB-65235
MS10-038
Back to top

MS10-038 Microsoft-Office-Excel-Obj-Record-Stack-Buffer-Overflow-CVE-2010-0822

About this vulnerability: A buffer overflow vulnerability in Microsoft Excel
Risk: High
First detected in: sgpkg-ips-319-4219
Last changed: sgpkg-ips-518-5211
Platform: Any Operating System
Software: Microsoft Office
Type: Buffer Overflow
Description: There is a buffer overflow vulnerability in Microsoft Excel.
SituationE-Mail_BS-Microsoft-Office-Excel-Obj-Record-Stack-Buffer-Overflow-CVE-2010-0822
Comment: A malicious Microsoft Excel document targeting CVE-2010-0822 detected as an e-mail attachment
Description: A malicious Microsoft Excel document targeting CVE-2010-0822 has been detected as an e-mail attachment.
SituationHTTP_SS-Microsoft-Office-Excel-Obj-Record-Stack-Buffer-Overflow-CVE-2010-0822
Comment: A malicious Microsoft Excel document targeting CVE-2010-0822 over HTTP detected
Description: A malicious Microsoft Excel document targeting CVE-2010-0822 over HTTP has been detected.
SituationFile-OLE_Microsoft-Office-Excel-Obj-Record-Stack-Buffer-Overflow-CVE-2010-0822
Comment: A malicious Microsoft Excel document targeting CVE-2010-0822 over HTTP detected
Description: A malicious Microsoft Excel document targeting CVE-2010-0822 over HTTP has been detected.
References:
CVE-2010-0822
BID-40520
OSVDB-65236
MS10-038
Back to top

MS10-038 Microsoft-Office-Excel-Publisher-Record-Memory-Corruption

About this vulnerability: A vulnerability in Microsoft Excel
Risk: Moderate
First detected in: sgpkg-ips-467-5211
Last changed: sgpkg-ips-518-5211
Platform: Windows
Software: Microsoft Excel
Type: Malfunction
Description: There is a memory corruption vulnerability in Microsoft Excel. The vulnerability is due to improper parsing of an Excel file that includes a malformed Publisher record. Remote attackers can exploit this vulnerability by enticing target users to open a malicious Excel file, potentially causing arbitrary code to be injected and executed in the security context of the current user. In an attack scenario, where arbitrary code is injected and executed on the target machine, the behaviour of the target is dependent on the intention of the malicious code. If such an attack is not executed successfully, the vulnerable application may terminate as a result of invalid memory access.
SituationFile-OLE_Microsoft-Office-Excel-Publisher-Record-Memory-Corruption
Comment: An attempt to exploit a vulnerability in Microsoft Excel detected
Description: There is a memory corruption vulnerability in Microsoft Excel. The vulnerability is due to improper parsing of an Excel file that includes a malformed Publisher record. Remote attackers can exploit this vulnerability by enticing target users to open a malicious Excel file, potentially causing arbitrary code to be injected and executed in the security context of the current user. In an attack scenario, where arbitrary code is injected and executed on the target machine, the behaviour of the target is dependent on the intention of the malicious code. If such an attack is not executed successfully, the vulnerable application may terminate as a result of invalid memory access.
References:
CVE-2010-1250
BID-40528
MS10-038
Back to top

MS10-038 Microsoft-Office-Excel-Realtimedata-Record-Parsing-Memory-Corruption

About this vulnerability: A vulnerability in Microsoft Office Excel
Risk: Moderate
First detected in: sgpkg-ips-401-4219
Last changed: sgpkg-ips-518-5211
Platform: Windows
Software: Microsoft Excel
Type: Malfunction
Description: A code execution vulnerability exists in Microsoft Office Excel 2002. The vulnerability is due to the way the vulnerable product parses RealTimeData records in Excel documents, allowing for memory corruption. Remote attackers can exploit this vulnerability by enticing target users to open a malicious Excel file, potentially causing arbitrary code to be injected and executed in the security context of the currently logged on user. In an attack scenario, where arbitrary code is injected and executed on the target machine, the behaviour of the target is dependent on the intention of the malicious code. If such an attack is not executed successfully, the vulnerable application may terminate abnormally.
SituationHTTP_SS-Microsoft-Office-Excel-Realtimedata-Record-Parsing-Memory-Corruption
Comment: An attempt to exploit a vulnerability in Microsoft Office Excel detected
Description: A code execution vulnerability exists in Microsoft Office Excel 2002. The vulnerability is due to the way the vulnerable product parses RealTimeData records in Excel documents, allowing for memory corruption. Remote attackers can exploit this vulnerability by enticing target users to open a malicious Excel file, potentially causing arbitrary code to be injected and executed in the security context of the currently logged on user. In an attack scenario, where arbitrary code is injected and executed on the target machine, the behaviour of the target is dependent on the intention of the malicious code. If such an attack is not executed successfully, the vulnerable application may terminate abnormally.
SituationFile-OLE_Microsoft-Office-Excel-Realtimedata-Record-Parsing-Memory-Corruption
Comment: An attempt to exploit a vulnerability in Microsoft Office Excel detected
Description: A code execution vulnerability exists in Microsoft Office Excel 2002. The vulnerability is due to the way the vulnerable product parses RealTimeData records in Excel documents, allowing for memory corruption. Remote attackers can exploit this vulnerability by enticing target users to open a malicious Excel file, potentially causing arbitrary code to be injected and executed in the security context of the currently logged on user. In an attack scenario, where arbitrary code is injected and executed on the target machine, the behaviour of the target is dependent on the intention of the malicious code. If such an attack is not executed successfully, the vulnerable application may terminate abnormally.
References:
CVE-2010-1247
BID-40525
OSVDB-65237
MS10-038
Back to top

MS10-038 Microsoft-Office-Excel-RTD-Buffer-Overflow

About this vulnerability: A vulnerability in Microsoft Excel
Risk: Moderate
First detected in: sgpkg-ips-388-4219
Last changed: sgpkg-ips-518-5211
Platform: Windows
Software: Microsoft Excel; Microsoft Office
Type: Buffer Overflow
Description: A buffer overflow vulnerability exists in Microsoft Office Excel. The vulnerability is due to a flaw while parsing specially crafted RealTimeData (RTD) records within Excel files. In an attack scenario, where arbitrary code is injected and executed on the target machine, the behaviour of the target is dependent on the intention of the malicious code. If such an attack is not executed successfully, the vulnerable application may terminate.
SituationHTTP_SS-Microsoft-Office-Excel-RTD-Buffer-Overflow
Comment: An attempt to exploit a vulnerability in Microsoft Excel detected
Description: A buffer overflow vulnerability exists in Microsoft Office Excel. The vulnerability is due to a flaw while parsing specially crafted RealTimeData (RTD) records within Excel files. In an attack scenario, where arbitrary code is injected and executed on the target machine, the behaviour of the target is dependent on the intention of the malicious code. If such an attack is not executed successfully, the vulnerable application may terminate.
SituationFile-OLE_Microsoft-Office-Excel-RTD-Buffer-Overflow
Comment: An attempt to exploit a vulnerability in Microsoft Excel detected
Description: A buffer overflow vulnerability exists in Microsoft Office Excel. The vulnerability is due to a flaw while parsing specially crafted RealTimeData (RTD) records within Excel files. In an attack scenario, where arbitrary code is injected and executed on the target machine, the behaviour of the target is dependent on the intention of the malicious code. If such an attack is not executed successfully, the vulnerable application may terminate.
References:
CVE-2010-1246
BID-40524
MS10-038
Back to top

MS10-038 Microsoft-Office-Excel-String-Variable-Code-Execution

About this vulnerability: A vulnerability in Microsoft Excel
Risk: Moderate
First detected in: sgpkg-ips-401-4219
Last changed: sgpkg-ips-518-5211
Platform: Windows
Software: Microsoft Excel; Microsoft Office; Microsoft Office
Type: Buffer Overflow
Description: A code execution vulnerability exists in Microsoft Office Excel. The vulnerability is due to an error parsing the string length in an ExternSheet record. Remote attackers can exploit this vulnerability by enticing target users to open a malicious Excel file, potentially causing arbitrary code to be injected and executed in the security context of the current user. In an attack scenario, where arbitrary code is injected and executed on the target machine, the behaviour of the target is dependent on the intention of the malicious code. If such an attack is not executed successfully, the vulnerable application may terminate abnormally.
SituationHTTP_SS-Microsoft-Office-Excel-String-Variable-Code-Execution
Comment: An attempt to exploit a vulnerability in Microsoft Excel detected
Description: A code execution vulnerability exists in Microsoft Office Excel. The vulnerability is due to an error parsing the string length in an ExternSheet record. Remote attackers can exploit this vulnerability by enticing target users to open a malicious Excel file, potentially causing arbitrary code to be injected and executed in the security context of the current user. In an attack scenario, where arbitrary code is injected and executed on the target machine, the behaviour of the target is dependent on the intention of the malicious code. If such an attack is not executed successfully, the vulnerable application may terminate abnormally.
SituationFile-OLE_Microsoft-Office-Excel-String-Variable-Code-Execution
Comment: An attempt to exploit a vulnerability in Microsoft Excel detected
Description: A code execution vulnerability exists in Microsoft Office Excel. The vulnerability is due to an error parsing the string length in an ExternSheet record. Remote attackers can exploit this vulnerability by enticing target users to open a malicious Excel file, potentially causing arbitrary code to be injected and executed in the security context of the current user. In an attack scenario, where arbitrary code is injected and executed on the target machine, the behaviour of the target is dependent on the intention of the malicious code. If such an attack is not executed successfully, the vulnerable application may terminate abnormally.
References:
CVE-2010-1252
BID-40530
MS10-038
Back to top

MS10-038 Microsoft-Office-Excel-SxView-SXStreamID-Memory-Corruption-CVE-2010-1245

About this vulnerability: A memory corruption vulnerability in Microsoft Excel
Risk: High
First detected in: sgpkg-ips-321-4219
Last changed: sgpkg-ips-518-5211
Platform: Any Operating System
Software: Microsoft Office
Type: Malfunction
Description: There is a memory corruption vulnerability in Microsoft Excel.
SituationHTTP_SS-Microsoft-Office-Excel-SxView-SXStreamID-Memory-Corruption-CVE-2010-1245
Comment: A malicious Microsoft Excel document targeting CVE-2010-1245 over HTTP detected
Description: A malicious Microsoft Excel document targeting CVE-2010-1245 over HTTP has been detected.
SituationFile-OLE_Microsoft-Office-Excel-SxView-SXStreamID-CVE-2010-1245
Comment: A malicious Microsoft Excel document targeting CVE-2010-1245 over HTTP detected
Description: A malicious Microsoft Excel document targeting CVE-2010-1245 over HTTP has been detected.
References:
CVE-2010-1245
BID-40523
OSVDB-65229
MS10-038
Back to top

MS10-038 Microsoft-Office-Excel-WOpt-Record-Memory-Corruption-CVE-2010-0824

About this vulnerability: A memory corruption vulnerability in Microsoft Excel
Risk: High
First detected in: sgpkg-ips-320-4219
Last changed: sgpkg-ips-518-5211
Platform: Any Operating System
Software: Microsoft Office
Type: Malfunction
Description: There is a memory corruption vulnerability in Microsoft Excel.
SituationE-Mail_BS-Microsoft-Office-Excel-WOpt-Record-Memory-Corruption-CVE-2010-0824
Comment: A malicious Microsoft Excel document targeting CVE-2010-0824 detected as an e-mail attachment
Description: A malicious Microsoft Excel document targeting CVE-2010-0824 has been detected as an e-mail attachment.
SituationHTTP_SS-Microsoft-Office-Excel-WOpt-Record-Memory-Corruption-CVE-2010-0824
Comment: A malicious Microsoft Excel document targeting CVE-2010-0824 over HTTP detected
Description: A malicious Microsoft Excel document targeting CVE-2010-0824 over HTTP has been detected.
SituationFile-OLE_Microsoft-Office-Excel-WOpt-Record-Memory-Corruption-CVE-2010-0824
Comment: A malicious Microsoft Excel document targeting CVE-2010-0824 over HTTP detected
Description: A malicious Microsoft Excel document targeting CVE-2010-0824 over HTTP has been detected.
References:
CVE-2010-0824
BID-40522
OSVDB-65231
MS10-038
Back to top

MS10-035 Microsoft-Internet-Explorer-DOM-Memory-Corruption

About this vulnerability: A vulnerability in Microsoft Internet Explorer
Risk: Moderate
First detected in: sgpkg-ips-415-4219
Last changed: sgpkg-ips-518-5211
Platform: Windows
Software: Internet Explorer
Type: Malfunction
Description: There is a memory corruption vulnerability in Microsoft Internet Explorer. The vulnerability is due to an error in the handling of certain DOM objects. A remote attacker can exploit this vulnerability by enticing a target user to open a maliciously crafted HTML document. In a sophisticated attack where code injection is successful, the behavior of the target host depends on the intended function of the injected code. The injected code is executes in the security context of the currently logged in user. In an unsucessful attack, the vulnerable application may terminate abnormally.
SituationFile-Text_Microsoft-Internet-Explorer-DOM-Memory-Corruption
Comment: An attempt to exploit a vulnerability in Microsoft Internet Explorer detected
Description: A memory corruption vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to an error in handling of certain DOM objects. A remote attacker can exploit this vulnerability by enticing a target user to open a maliciously crafted HTML document. In a sophisticated attack where code injection is successful, the behaviour of the target host is entirely dependent on the intended function of the injected code. The injected code, in this case, would execute within the security context of the currently logged in user. If such an attack is not executed successfully, the vulnerable application may terminate abnormally.
References:
CVE-2010-1259
BID-40410
OSVDB-65215
MS10-035
Back to top

MS10-039, MS10-035 Microsoft-Internet-Explorer-toStaticHTML-Cross-Site-Scripting

About this vulnerability: A cross site scripting vulnerability in Microsoft Internet Explorer
Risk: Moderate
First detected in: sgpkg-ips-327-4219
Last changed: sgpkg-ips-518-5211
Platform: Windows
Software: Internet Explorer
Type: Cross-site Scripting
Description: There is a cross site scripting vulnerability in Microsoft Internet Explorer. By enticing the target user to view a web page that uses the "toStaticHTML" method maliciously, a remote attacker can disclose sensitive information or execute arbitrary script code within the context of the target user's browser.
SituationHTTP_SS-Microsoft-Internet-Explorer-toStaticHTML-Cross-Site-Scripting
Comment: An attempt to exploit a cross site scripting vulnerability in Microsoft Internet Explorer detected
Description: An attempt to exploit a cross site scripting vulnerability in Microsoft Internet Explorer has been detected.
SituationFile-Text_Microsoft-Internet-Explorer-toStaticHTML-Cross-Site-Scripting
Comment: An attempt to exploit a cross site scripting vulnerability in Microsoft Internet Explorer detected
Description: An attempt to exploit a cross site scripting vulnerability in Microsoft Internet Explorer has been detected.
References:
CVE-2010-1257
BID-40409
OSVDB-65211
MS10-039
MS10-035
Back to top

MS10-035 Microsoft-Internet-Explorer-URI-Redirection-Security-Bypass

About this vulnerability: A security bypass vulnerability in Microsoft Internet Explorer
Risk: Moderate
First detected in: sgpkg-ips-287-4219
Last changed: sgpkg-ips-518-5211
Platform: Windows
Software: Internet Explorer
Type: Malfunction
Description: There is a security bypass vulnerability in Microsoft Internet Explorer.
SituationHTTP_SS-Microsoft-Internet-Explorer-URI-Redirection-Security-Bypass
Comment: An attempt to exploit a security bypass vulnerability in Microsoft Internet Explorer detected
Description: An attempt to exploit a security bypass vulnerability in Microsoft Internet Explorer has been detected.
SituationHTTP_SHS-Microsoft-Internet-Explorer-URI-Redirection-Security-Bypass
Comment: An attempt to exploit a security bypass vulnerability in Microsoft Internet Explorer detected
Description: An attempt to exploit a security bypass vulnerability in Microsoft Internet Explorer has been detected.
SituationFile-Text_Microsoft-Internet-Explorer-URI-Redirection-Security-Bypass
Comment: An attempt to exploit a security bypass vulnerability in Microsoft Internet Explorer detected
Description: An attempt to exploit a security bypass vulnerability in Microsoft Internet Explorer has been detected.
References:
CVE-2010-0255
BID-38055
OSVDB-62156
MS10-035
Back to top

MS10-034 Microsoft-Internet-Explorer-8-Developer-Tools-Code-Execution-CVE-2010-0811

About this vulnerability: A code execution vulnerability in the Microsoft Internet Explorer 8 Developer Tools
Risk: High
First detected in: sgpkg-ips-310-4219
Last changed: sgpkg-ips-576-5211
Platform: Windows
Software: <os>
Type: Malfunction
Description: There is a remote code execution vulnerability in the Microsoft Internet Explorer 8 Developer Tools.
SituationHTTP_SS-Internet-Explorer-8-Developer-Tools-Code-Execution-CVE-2010-0811
Comment: An attempt to exploit a code execution vulnerability in in the Microsoft Internet Explorer 8 Developer Tools detected
Description: An attempt to exploit a code execution vulnerability in the Microsoft Internet Explorer 8 Developer Tools has been detected.
References:
CVE-2010-0811
MS10-034
Back to top

MS10-033 Microsoft-Media-Decompression-Vulnerability-CVE-2010-1879

About this vulnerability: Code execution vulnerability in Microsoft Windows
Risk: High
First detected in: sgpkg-ips-310-4219
Last changed: sgpkg-ips-518-5211
Platform: Windows 2000; Windows XP; Windows 2003; Windows Vista; Windows 2008
Software: <os>
Type: Malfunction
Description: There is a code execution vulnerability in Microsoft Windows. By persuading a target user to open a malicious media file, a remote attacker can execute arbitrary code with the privileges of the currently logged in user.
SituationE-Mail_BS-Microsoft-Media-Decompression-Vulnerability-CVE-2010-1879
Comment: A malicious AVI file targeting CVE-2010-1879 detected as an e-mail attachment
Description: A malicious AVI file targeting CVE-2010-1879 has been detected as an e-mail attachment.
SituationHTTP_SS-Microsoft-Media-Decompression-Vulnerability-CVE-2010-1879
Comment: A malicious AVI file targeting CVE-2010-1879 over HTTP detected
Description: A malicious AVI file targeting CVE-2010-1879 over HTTP has been detected.
SituationFile-RIFF_Microsoft-Media-Decompression-Vulnerability-CVE-2010-1879
Comment: A malicious AVI file targeting CVE-2010-1879 over HTTP detected
Description: A malicious AVI file targeting CVE-2010-1879 over HTTP has been detected.
References:
CVE-2010-1879
MS10-033
Back to top

MS10-033 Microsoft-Windows-Mjpeg-Media-Decompression-Code-Execution

About this vulnerability: A vulnerability in Microsoft Windows
Risk: Moderate
First detected in: sgpkg-ips-402-4219
Last changed: sgpkg-ips-518-5211
Platform: Windows
Software: <os>
Type: Input Validation
Description: A remote code execution vulnerability exists in Microsoft Windows DirectShow component. The vulnerability is caused by improper handling of compressed data in media files. An attacker can exploit this vulnerability by enticing a target user to open specially crafted media file. In attack scenarios where code execution is successful the injected code will be executed within the context of the currently logged in user. When code execution is not successful, the affected application may terminate abnormally, leading to a denial of service condition.
SituationHTTP_SS-Microsoft-Windows-Mjpeg-Media-Decompression-Code-Execution
Comment: An attempt to exploit a vulnerability in Microsoft Windows detected
Description: A remote code execution vulnerability exists in Microsoft Windows DirectShow component. The vulnerability is caused by improper handling of compressed data in media files. An attacker can exploit this vulnerability by enticing a target user to open specially crafted media file. In attack scenarios where code execution is successful the injected code will be executed within the context of the currently logged in user. When code execution is not successful, the affected application may terminate abnormally, leading to a denial of service condition.
SituationFile-RIFF_Microsoft-Windows-Mjpeg-Media-Decompression-Code-Execution
Comment: An attempt to exploit a vulnerability in Microsoft Windows detected
Description: A remote code execution vulnerability exists in Microsoft Windows DirectShow component. The vulnerability is caused by improper handling of compressed data in media files. An attacker can exploit this vulnerability by enticing a target user to open specially crafted media file. In attack scenarios where code execution is successful the injected code will be executed within the context of the currently logged in user. When code execution is not successful, the affected application may terminate abnormally, leading to a denial of service condition.
References:
CVE-2010-1880
BID-40464
OSVDB-65222
MS10-033
Back to top

MS10-031 Microsoft-Outlook-Express-And-Windows-Mail-Integer-Overflow

About this vulnerability: A vulnerability in Microsoft Outlook Express and Windows Mail
Risk: High
First detected in: sgpkg-ips-304-4219
Last changed: sgpkg-ips-545-5211
Platform: Windows
Software: Microsoft Outlook Express
Type: Input Validation
Description: There is a vulnerability in Microsoft Outlook Express and Windows Mail.
SituationPOP3_SS-Microsoft-Outlook-Express-And-Windows-Mail-Integer-Overflow
Comment: An attempt to exploit a vulnerability in Microsoft Outlook Express detected
Description: An attempt to exploit a vulnerability in Microsoft Outlook Express and Windows mail was detected.
References:
CVE-2010-0816
BID-40052
MS10-031
Back to top

MS10-030 Microsoft-VBA6-Stack-Memory-Corruption

About this vulnerability: A vulnerability in Microsoft Visual Basic for Applications
Risk: High
First detected in: sgpkg-ips-304-4219
Last changed: sgpkg-ips-518-5211
Platform: Windows
Software: Microsoft Office XP; Microsoft Office 2003; Microsoft Office 2007
Type: Input Validation
Description: There is a vulnerability in Microsoft Visual Basic for Applications.
SituationHTTP_SS-Microsoft-VBA6-Stack-Memory-Corruption
Comment: An attempt to exploit a vulnerability in Microsoft Visual Basic for Applications detected
Description: An attempt to exploit a vulnerability in Microsoft Visual Basic for Applications was detected.
SituationFile-OLE_Microsoft-VBA6-Stack-Memory-Corruption
Comment: An attempt to exploit a vulnerability in Microsoft Visual Basic for Applications detected
Description: An attempt to exploit a vulnerability in Microsoft Visual Basic for Applications was detected.
References:
CVE-2010-0815
MS10-030
Back to top

MS10-026 Microsoft-DirectShow-Audio-Decoder-Stack-Overflow

About this vulnerability: A vulnerability in Microsoft DirectShow
Risk: High
First detected in: sgpkg-ips-300-4219
Last changed: sgpkg-ips-518-5211
Platform: Windows 2000; Windows XP; Windows 2003; Windows Vista; Windows 2008
Software: <os>
Type: Input Validation
Description: There is a vulnerability in Microsoft DirectShow.
SituationHTTP_SS-Microsoft-DirectShow-Audio-Decoder-Stack-Overflow
Comment: An attempt to exploit a vulnerability in Microsoft DirectShow detected
Description: An attempt to exploit a vulnerability in Microsoft DirectShow was detected.
SituationFile-RIFF_Microsoft-DirectShow-Audio-Decoder-Stack-Overflow
Comment: An attempt to exploit a vulnerability in Microsoft DirectShow detected
Description: An attempt to exploit a vulnerability in Microsoft DirectShow was detected.
References:
CVE-2010-0480
MS10-026
Back to top

MS10-025 Media-Services-Buffer-Overflow-CVE-2010-0478

About this vulnerability: A vulnerability in Microsoft Windows Media Service 4.1
Risk: High
First detected in: sgpkg-ips-300-4219
Last changed: sgpkg-ips-545-5211
Platform: Windows 2000
Software: <os>
Type: Buffer Overflow
Description: There is a buffer overflow vulnerability in Microsoft Windows Media Service 4.1. When exploited successfully, the vulnerability allows remote code execution.
SituationGeneric_CS-Media-Services-Buffer-Overflow-CVE-2010-0478
Comment: An attempt to exploit CVE-2010-0478 over TCP detected
Description: An attempt to exploit CVE-2010-0478 over TCP has been detected.
SituationGeneric_CS-Media-Services-Buffer-Overflow-Exploit-CVE-2010-0478
Comment: An exploit targeting CVE-2010-0478 detected
Description: An exploit targeting CVE-2010-0478 has been detected.
SituationGeneric_UDP-Media-Services-Buffer-Overflow-CVE-2010-0478
Comment: An attempt to exploit CVE-2010-0478 over UDP detected
Description: An attempt to exploit CVE-2010-0478 over UDP has been detected.
References:
CVE-2010-0478
MS10-025
Back to top

MS10-024 Microsoft-Windows-SMTP-Service-DNS-Response-Spoofing

About this vulnerability: A vulnerability in Microsoft Exchange Server
Risk: Moderate
First detected in: sgpkg-ips-436-4219
Last changed: sgpkg-ips-518-5211
Platform: Windows
Software: <os>
Type: Malfunction
Description: There is a spoofing vulnerability in Microsoft Windows Simple Mail Transfer Protocol (SMTP) Service. The vulnerability is due to insufficient validation of DNS responses to queries made by the SMTP service. Successful exploitation of this vulnerability could allow remote unauthenticated attackers to cause redirection of email traffic.
SituationDNS-UDP_Microsoft-Windows-SMTP-Service-DNS-Response-Spoofing
Comment: An attempt to exploit a vulnerability in Microsoft Exchange Server detected
Description: There is a spoofing vulnerability in Microsoft Windows Simple Mail Transfer Protocol (SMTP) Service. The vulnerability is due to insufficient validation of DNS responses to queries made by the SMTP service. Successful exploitation of this vulnerability could allow remote unauthenticated attackers to cause redirection of email traffic.
References:
CVE-2010-1690
BID-39910
MS10-024
Back to top

MS10-024 Microsoft-Windows-SMTP-Service-MX-Record-Denial-Of-Service

About this vulnerability: An attempt to exploit vulnerability in Windows SMTP service detected
Risk: Moderate
First detected in: sgpkg-ips-394-4219
Last changed: sgpkg-ips-518-5211
Platform: Windows 2000; Windows XP; Windows 2003; Windows 2008
Software: Exchange Server 2000; Exchange Server 2003
Type: Malfunction
Description: A denial of service vulnerability has been reported in Microsoft Windows Simple Mail Transfer Protocol (SMTP) service. The vulnerability is due to a memory access error when handling DNS Mail Exchanger (MX) resource records. An attacker can exploit this vulnerability by sending a specifically crafted response to an MX resource record query.
SituationDNS-UDP_Microsoft-Windows-SMTP-Service-MX-Record-Denial-Of-Service
Comment: An attempt to exploit a vulnerability in Windows SMTP service detected
Description: A denial of service vulnerability has been reported in Microsoft Windows Simple Mail Transfer Protocol (SMTP) service. The vulnerability is due to a memory access error when handling DNS Mail Exchanger (MX) resource records. An attacker can exploit this vulnerability by sending a specifically crafted response to an MX resource record query.
References:
CVE-2010-0024
OSVDB-63738
MS10-024
Back to top

MS10-023 Microsoft-Publisher-File-Conversion-Textbox-Processing-Buffer-Overflow

About this vulnerability: A vulnerability in Microsoft Publisher
Risk: High
First detected in: sgpkg-ips-319-4219
Last changed: sgpkg-ips-518-5211
Platform: Windows
Software: Microsoft Publisher 2002; Microsoft Publisher 2003; Microsoft Publisher 2007
Type: Input Validation
Description: There is a vulnerability in Microsoft Publisher.
SituationHTTP_SS-Microsoft-Publisher-File-Conversion-Textbox-Processing-Buffer-Overflow
Comment: An attempt to exploit a vulnerability in Microsoft Publisher detected
Description: An attempt to exploit a vulnerability in Microsoft Publisher was detected.
SituationFile-OLE_Microsoft-Publisher-File-Conversion-Textbox-Processing-Buffer-Overflow
Comment: An attempt to exploit a vulnerability in Microsoft Publisher detected
Description: An attempt to exploit a vulnerability in Microsoft Publisher was detected.
References:
CVE-2010-0479
MS10-023
Back to top

MS10-022 Microsoft-Windows-VBScript-Help-File-Code-Execution

About this vulnerability: A vulnerability in Microsoft Windows
Risk: High
First detected in: sgpkg-ips-290-4219
Last changed: sgpkg-ips-545-5211
Platform: Windows 2000; Windows XP; Windows 2003
Software: <os>
Type: Input Validation
Description: There is a vulnerability in Microsoft Windows.
SituationHTTP_SS-Microsoft-Windows-VBScript-Help-File-Code-Execution
Comment: An attempt to exploit a vulnerability in Microsoft Windows VBScript detected
Description: An attempt to exploit a vulnerability in Microsoft Windows was detected.
SituationHTTP_SS-Microsoft-Windows-VBScript-Help-File-Code-Execution-2
Comment: An attempt to exploit a vulnerability in Microsoft Windows VBScript detected
Description: A code execution vulnerability exists in Microsoft Windows. The vulnerability is caused by a design weakness in the winhlp32.exe module. Specifically, it is due to the way that the VBScript function MsgBox interacts with Windows Help files when using Internet Explorer. Remote unauthenticated attackers can exploit this vulnerability by enticing the target user to open a malicious website and then press F1 key when a specially crafted dialog box is displayed. This may lead to execution of arbitrary code on the target system within the security context of the currently logged in user. An attempt to exploit such vulnerability via Internet Explorer was detected.
SituationFile-Text_Microsoft-Windows-VBScript-Help-File-Code-Execution
Comment: An attempt to exploit a vulnerability in Microsoft Windows VBScript detected
Description: An attempt to exploit a vulnerability in Microsoft Windows was detected.
SituationFile-Text_Microsoft-Windows-VBScript-Help-File-Code-Execution-2
Comment: An attempt to exploit a vulnerability in Microsoft Windows VBScript detected
Description: A code execution vulnerability exists in Microsoft Windows. The vulnerability is caused by a design weakness in the winhlp32.exe module. Specifically, it is due to the way that the VBScript function MsgBox interacts with Windows Help files when using Internet Explorer. Remote unauthenticated attackers can exploit this vulnerability by enticing the target user to open a malicious website and then press F1 key when a specially crafted dialog box is displayed. This may lead to execution of arbitrary code on the target system within the security context of the currently logged in user. An attempt to exploit such vulnerability via Internet Explorer was detected.
References:
CVE-2010-0483
BID-38463
OSVDB-62632
MS10-022
Back to top

MS10-020 Microsoft-Windows-Kernel-SMB2-DOS

About this vulnerability: Denial of Service condition in Windows Kernel SMB2
Risk: High
First detected in: sgpkg-ips-266-3038
Last changed: sgpkg-ips-545-5211
Platform: Windows
Software: <os>
Type: Malfunction
Description: There is a Denial of Service condition in the Windows Kernel SMB2 handling.
SituationNetBIOS-TCP_SMB2-Windows-Kernel-DOS
Comment: Attempt to exploit an SMB2 Windows Kernel Denial of Service
Description: An attempt to exploit a an SMB2 Windows Kernel Denial of Service condition.
References:
CVE-2009-3676
MS10-020
Back to top

MS10-020 Microsoft-Windows-Smb-Client-Message-Size-Vulnerability

About this vulnerability: A vulnerability in Microsoft Windows
Risk: Moderate
First detected in: sgpkg-ips-415-4219
Last changed: sgpkg-ips-545-5211
Platform: Windows
Software: <os>
Type: Buffer Overflow
Description: A remote code execution vulnerability exists in Microsoft Windows SMB Client. The vulnerability is due to improper validation of certain SMB fields when parsing transaction responses. Remote unauthenticated attackers could exploit this vulnerability by enticing a user to connect to a malicious SMB server and sending a specially crafted SMB response to the target machine. Successful exploitation would allow for arbitrary code injection and execution with the privileges of the operating system kernel (Ring 0). Code injection that does not result in execution could crash the target system, and result in a Denial of Service condition.
SituationNetBIOS-TCP_Microsoft-Windows-Smb-Client-Message-Size-Vulnerability
Comment: An attempt to exploit a vulnerability in Microsoft Windows detected
Description: A remote code execution vulnerability exists in Microsoft Windows SMB Client. The vulnerability is due to improper validation of certain SMB fields when parsing transaction responses. Remote unauthenticated attackers could exploit this vulnerability by enticing a user to connect to a malicious SMB server and sending a specially crafted SMB response to the target machine. Successful exploitation would allow for arbitrary code injection and execution with the privileges of the operating system kernel (Ring 0). Code injection that does not result in execution could crash the target system, and result in a Denial of Service condition.
References:
CVE-2010-0477
MS10-020
Back to top

MS10-020 Microsoft-Windows-Smb-Client-Response-Parsing-Memory-Corruption

About this vulnerability: A vulnerability in Microsoft Windows
Risk: Moderate
First detected in: sgpkg-ips-415-4219
Last changed: sgpkg-ips-518-5211
Platform: Windows
Software: <os>
Type: Malfunction
Description: A remote code execution vulnerability exists in Microsoft Windows SMB Client. The vulnerability is due to improper validation of certain SMB fields when parsing transaction responses. Remote unauthenticated attackers could exploit this vulnerability by enticing a user to connect to a malicious SMB server and sending a specially crafted SMB response to the target machine. Successful exploitation would allow for arbitrary code injection and execution with the privileges of the operating system kernel (Ring 0). Code injection that does not result in execution could crash the target system, and result in a Denial of Service condition.
SituationSMB-TCP_Microsoft-Windows-Smb-Client-Response-Parsing-Memory-Corruption
Comment: An attempt to exploit a vulnerability in Microsoft Windows detected
Description: A remote code execution vulnerability exists in Microsoft Windows SMB Client. The vulnerability is due to improper validation of certain SMB fields when parsing transaction responses. Remote unauthenticated attackers could exploit this vulnerability by enticing a user to connect to a malicious SMB server and sending a specially crafted SMB response to the target machine. Successful exploitation would allow for arbitrary code injection and execution with the privileges of the operating system kernel (Ring 0). Code injection that does not result in execution could crash the target system, and result in a Denial of Service condition.
References:
CVE-2010-0476
BID-39336
MS10-020
Back to top

MS10-020 Microsoft-Windows-SMB-Client-Transaction-BOF-CVE-2010-0270

About this vulnerability: A buffer overflow vulnerability in Microsoft Windows SMB Client
Risk: Critical
First detected in: sgpkg-ips-302-4219
Last changed: sgpkg-ips-545-5211
Platform: Windows 2008; Windows 7
Software: <os>
Type: Buffer Overflow
Description: There is a buffer overflow vulnerability in Microsoft Windows SMB Client. A remote unauthenticated attacker can exploit this vulnerability by enticing a user to connect to a malicious SMB server, and sending a specially crafted SMB response to the target machine.
SituationSMB-TCP_Microsoft-Windows-SMB-Client-Transaction-BOF-Exploit-CVE-2010-0270
Comment: An exploit against CVE-2010-0270 detected
Description: An exploit against CVE-2010-0270 has been detected.
References:
CVE-2010-0270
BID-39339
OSVDB-62046
MS10-020
Back to top

MS10-020 SMB-Client-Memory-Allocation-CVE-2010-0269

About this vulnerability: A vulnerability in Microsoft Windows
Risk: Critical
First detected in: sgpkg-ips-300-4219
Last changed: sgpkg-ips-545-5211
Platform: Windows 2000; Windows XP; Windows 2003; Windows Vista; Windows 2008; Windows 7
Software: <os>
Type: Input Validation
Description: There is a client-side vulnerability in Microsoft Windows SMBv1. When exploited successfully, the vulnerability allows code execution in ring0 context.
SituationSMB-TCP_SMB-Client-Memory-Allocation-CVE-2010-0269
Comment: An attempt to exploit CVE-2010-0269 detected
Description: An attempt to exploit CVE-2010-0269 has been detected.
References:
CVE-2010-0269
MS10-020
Back to top

MS10-018 Microsoft-Internet-Explorer-HTML-Rendering-Memory-Corruption

About this vulnerability: A vulnerability in Microsoft Internet Explorer
Risk: Moderate
First detected in: sgpkg-ips-414-4219
Last changed: sgpkg-ips-518-5211
Platform: Windows
Software: Internet Explorer;
Type: Malfunction
Description: A memory corruption vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to the way that Internet Explorer accesses an object that has been deleted. A remote attacker can exploit this vulnerability by enticing a target user to open a maliciously crafted HTML document. In a sophisticated attack where code injection is successful, the behaviour of the target host is entirely dependent on the intended function of the injected code. The injected code, in this case, would execute within the security context of the currently logged in user. If such an attack is not executed successfully, the vulnerable application may terminate abnormally.
SituationFile-Text_Microsoft-Internet-Explorer-HTML-Rendering-Memory-Corruption
Comment: An attempt to exploit a vulnerability in Microsoft Internet Explorer detected
Description: A memory corruption vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to the way that Internet Explorer accesses an object that has been deleted. A remote attacker can exploit this vulnerability by enticing a target user to open a maliciously crafted HTML document. In a sophisticated attack where code injection is successful, the behaviour of the target host is entirely dependent on the intended function of the injected code. The injected code, in this case, would execute within the security context of the currently logged in user. If such an attack is not executed successfully, the vulnerable application may terminate abnormally.
References:
CVE-2010-0807
BID-39024
MS10-018
Back to top

MS10-018 Microsoft-Internet-Explorer-Invalid-Pointer-Reference-CVE-2010-0806

About this vulnerability: A vulnerability in Microsoft Internet Explorer
Risk: High
First detected in: sgpkg-ips-293-4219
Last changed: sgpkg-ips-518-5211
Platform: Windows
Software: Internet Explorer 6.0; Internet Explorer 7.0
Type: Input Validation
Description: There is a vulnerability in Microsoft Internet Explorer.
SituationHTTP_SS-Microsoft-Internet-Explorer-Invalid-Pointer-Reference-CVE-2010-0806
Comment: An attempt to exploit a vulnerability in Microsoft Internet Explorer detected
Description: An attempt to exploit a vulnerability in Microsoft Internet Explorer was detected.
SituationFile-Text_Microsoft-Internet-Explorer-Invalid-Pointer-Reference-CVE-2010-0806
Comment: An attempt to exploit a vulnerability in Microsoft Internet Explorer detected
Description: An attempt to exploit a vulnerability in Microsoft Internet Explorer was detected.
References:
CVE-2010-0806
BID-38615
OSVDB-62810
MS10-018
Back to top

MS10-018 Microsoft-Internet-Explorer-onreadystatechange-Use-After-Free

About this vulnerability: A memory corruption vulnerability in Microsoft Internet Explorer
Risk: High
First detected in: sgpkg-ips-298-4219
Last changed: sgpkg-ips-518-5211
Platform: Windows
Software: Internet Explorer
Type: Malfunction
Description: There is a memory corruption vulnerability in Microsoft Internet Explorer. A remote attacker can exploit this vulnerability by enticing a target user to open a maliciously crafted HTML document to execute non-privileged arbitrary code.
SituationHTTP_SS-Microsoft-Internet-Explorer-onreadystatechange-Use-After-Free
Comment: An attempt to exploit a memory corruption vulnerability in Microsoft Internet Explorer detected
Description: An attempt to exploit a memory corruption vulnerability in Microsoft Internet Explorer has been detected.
SituationFile-Text_Microsoft-Internet-Explorer-onreadystatechange-Use-After-Free
Comment: An attempt to exploit a memory corruption vulnerability in Microsoft Internet Explorer detected
Description: An attempt to exploit a memory corruption vulnerability in Microsoft Internet Explorer has been detected.
References:
CVE-2010-0491
BID-39027
OSVDB-63331
MS10-018
Back to top

MS10-018 Microsoft-Internet-Explorer-Tabular-Data-Control-Memory-Corruption

About this vulnerability: A vulnerability in Microsoft Internet Explorer
Risk: Moderate
First detected in: sgpkg-ips-414-4219
Last changed: sgpkg-ips-518-5211
Platform: Windows
Software: Internet Explorer
Type: Buffer Overflow
Description: A memory corruption vulnerability exists in Microsoft Internet Explorer. The vulnerability is due a design error in the TDCCtl ActiveX Control in the handling of long URLs. A remote attacker can exploit this vulnerability by enticing a target user to open a maliciously crafted HTML document. In a sophisticated attack where code execution is successful, the behaviour of the target host is entirely dependent on the intended function of the injected code. The code in this case would execute within the security context of the currently logged in user. If such an attack is not executed successfully, the vulnerable application may terminate abnormally.
SituationFile-Text_Microsoft-Internet-Explorer-Tabular-Data-Control-Memory-Corruption
Comment: An attempt to exploit a vulnerability in Microsoft Internet Explorer detected
Description: A memory corruption vulnerability exists in Microsoft Internet Explorer. The vulnerability is due a design error in the TDCCtl ActiveX Control in the handling of long URLs. A remote attacker can exploit this vulnerability by enticing a target user to open a maliciously crafted HTML document. In a sophisticated attack where code execution is successful, the behaviour of the target host is entirely dependent on the intended function of the injected code. The code in this case would execute within the security context of the currently logged in user. If such an attack is not executed successfully, the vulnerable application may terminate abnormally.
References:
CVE-2010-0805
BID-39025
MS10-018
Back to top

MS10-018 Microsoft-Internet-Explorer-Uninitialized-Memory-Corruption-CVE-2010-0267

About this vulnerability: A vulnerability in Microsoft Internet Explorer
Risk: Moderate
First detected in: sgpkg-ips-414-4219
Last changed: sgpkg-ips-518-5211
Platform: Windows
Software: Internet Explorer 6.0; Internet Explorer 7.0
Type: Malfunction
Description: A memory corruption vulnerability exists in Microsoft Internet Explorer. The vulnerability is due the way that Internet Explorer handles certain type of mouse movement events. A remote attacker can exploit this vulnerability by enticing a target user to open a maliciously crafted HTML document. In a sophisticated attack where code injection is successful, the behaviour of the target host is entirely dependent on the logic of the injected code. The injected code, in this case, would execute within the security context of the currently logged in user. If such an attack is not executed successfully, the vulnerable application may terminate abnormally.
SituationFile-Text_Microsoft-Ie-Memory-Corruption-CVE-2010-0267
Comment: An attempt to exploit a vulnerability in Microsoft Internet Explorer detected
Description: A memory corruption vulnerability exists in Microsoft Internet Explorer. The vulnerability is due the way that Internet Explorer handles certain type of mouse movement events. A remote attacker can exploit this vulnerability by enticing a target user to open a maliciously crafted HTML document. In a sophisticated attack where code injection is successful, the behaviour of the target host is entirely dependent on the logic of the injected code. The injected code, in this case, would execute within the security context of the currently logged in user. If such an attack is not executed successfully, the vulnerable application may terminate abnormally.
References:
CVE-2010-0267
BID-39023
MS10-018
Back to top

MS10-018 Microsoft-Internet-Explorer-Uninitialized-Object-Memory-Corruption

About this vulnerability: A vulnerability in Microsoft Internet Explorer
Risk: Moderate
First detected in: sgpkg-ips-414-4219
Last changed: sgpkg-ips-518-5211
Platform: Windows
Software: Internet Explorer
Type: Malfunction
Description: A memory corruption vulnerability exists in Microsoft Internet Explorer web browser. The vulnerability is due to an error while accessing an object that has been already deleted or not initialized. This would result in accessing arbitrary memory content and can be exploited for code execution. Remote attackers can exploit this vulnerability by enticing target users to visit a malicious web page. Successful exploitation could result in execution of arbitrary code on the vulnerable system in the context of the logged-on user. The behaviour of the target machine is dependent on the intention of the malicious code. If such an attack is not executed successfully, the vulnerable application may terminate abnormally.
SituationFile-Text_Microsoft-Internet-Explorer-Uninitialized-Object-Memory-Corruption
Comment: An attempt to exploit a vulnerability in Microsoft Internet Explorer detected
Description: A memory corruption vulnerability exists in Microsoft Internet Explorer web browser. The vulnerability is due to an error while accessing an object that has been already deleted or not initialized. This would result in accessing arbitrary memory content and can be exploited for code execution. Remote attackers can exploit this vulnerability by enticing target users to visit a malicious web page. Successful exploitation could result in execution of arbitrary code on the vulnerable system in the context of the logged-on user. The behaviour of the target machine is dependent on the intention of the malicious code. If such an attack is not executed successfully, the vulnerable application may terminate abnormally.
References:
CVE-2010-0490
BID-39031
MS10-018
Back to top

MS10-017 Microsoft-Excel-DbOrParamQry-Record-Parsing-CVE-2010-0264

About this vulnerability: A vulnerability in Microsoft Excel
Risk: High
First detected in: sgpkg-ips-292-4219
Last changed: sgpkg-ips-518-5211
Platform: Windows
Software: Microsoft Excel 2002; Microsoft Excel 2004 for Mac; Microsoft Excel 2008 for Mac
Type: Input Validation
Description: There is a vulnerability in Microsoft Excel.
SituationHTTP_SS-Microsoft-Excel-DbOrParamQry-Record-Parsing-CVE-2010-0264
Comment: An attempt to exploit a vulnerability in Microsoft Excel detected
Description: An attempt to exploit a vulnerability in Microsoft Excel was detected.
SituationFile-OLE_Microsoft-Excel-DbOrParamQry-Record-Parsing-CVE-2010-0264
Comment: An attempt to exploit a vulnerability in Microsoft Excel detected
Description: An attempt to exploit a vulnerability in Microsoft Excel was detected.
References:
CVE-2010-0264
MS10-017
Back to top

MS10-017 Microsoft-Excel-FNGROUPNAME-Record-Uninitialized-Memory-CVE-2010-0262

About this vulnerability: A vulnerability in Microsoft Excel
Risk: High
First detected in: sgpkg-ips-292-4219
Last changed: sgpkg-ips-518-5211
Platform: Windows
Software: Microsoft Excel 2007; Microsoft Excel 2004 for Mac
Type: Input Validation
Description: There is a vulnerability in Microsoft Excel.
SituationHTTP_SS-Microsoft-Excel-FNGROUPNAME-Record-Uninitialized-Memory-CVE-2010-0262
Comment: An attempt to exploit a vulnerability in Microsoft Excel detected
Description: An attempt to exploit a vulnerability in Microsoft Excel was detected.
SituationFile-OLE_Microsoft-Excel-FNGROUPNAME-Record-Uninitialized-Memory-CVE-2010-0262
Comment: An attempt to exploit a vulnerability in Microsoft Excel detected
Description: An attempt to exploit a vulnerability in Microsoft Excel was detected.
References:
CVE-2010-0262
BID-38553
MS10-017
Back to top

MS10-017 Microsoft-Excel-MDXSET-Record-Heap-Overflow-CVE-2010-0261

About this vulnerability: A vulnerability in Microsoft Excel
Risk: High
First detected in: sgpkg-ips-292-4219
Last changed: sgpkg-ips-518-5211
Platform: Windows
Software: Microsoft Excel 2007
Type: Input Validation
Description: There is a vulnerability in Microsoft Excel.
SituationHTTP_SS-Microsoft-Excel-MDXSET-Record-Heap-Overflow-CVE-2010-0261
Comment: An attempt to exploit a vulnerability in Microsoft Excel detected
Description: An attempt to exploit a vulnerability in Microsoft Excel was detected.
SituationFile-OLE_Microsoft-Excel-MDXSET-Record-Heap-Overflow-CVE-2010-0261
Comment: An attempt to exploit a vulnerability in Microsoft Excel detected
Description: An attempt to exploit a vulnerability in Microsoft Excel was detected.
References:
CVE-2010-0261
MS10-017
Back to top

MS10-017 Microsoft-Excel-MDXTUPLE-Record-Heap-Overflow-CVE-2010-0260

About this vulnerability: A vulnerability in Microsoft Excel
Risk: High
First detected in: sgpkg-ips-292-4219
Last changed: sgpkg-ips-518-5211
Platform: Windows
Software: Microsoft Excel 2007; Microsoft Excel Viewer
Type: Input Validation
Description: There is a vulnerability in Microsoft Excel.
SituationHTTP_SS-Microsoft-Excel-MDXTUPLE-Record-Heap-Overflow-CVE-2010-0260
Comment: An attempt to exploit a vulnerability in Microsoft Excel detected
Description: An attempt to exploit a vulnerability in Microsoft Excel was detected.
SituationFile-OLE_Microsoft-Excel-MDXTUPLE-Record-Heap-Overflow-CVE-2010-0260
Comment: An attempt to exploit a vulnerability in Microsoft Excel detected
Description: An attempt to exploit a vulnerability in Microsoft Excel was detected.
References:
CVE-2010-0260
MS10-017
Back to top

MS10-017 Microsoft-Excel-Record-Memory-Corruption-CVE-2010-0257

About this vulnerability: A vulnerability in Microsoft Excel
Risk: High
First detected in: sgpkg-ips-292-4219
Last changed: sgpkg-ips-518-5211
Platform: Windows
Software: Microsoft Excel 2002
Type: Input Validation
Description: There is a memory corruption vulnerability in Microsoft Excel.
SituationHTTP_SS-Microsoft-Excel-Record-Memory-Corruption-CVE-2010-0257
Comment: An attempt to exploit a vulnerability in Microsoft Excel detected
Description: An attempt to exploit a vulnerability in Microsoft Excel was detected.
SituationFile-OLE_Microsoft-Excel-Record-Memory-Corruption-CVE-2010-0257
Comment: An attempt to exploit a vulnerability in Microsoft Excel detected
Description: An attempt to exploit a vulnerability in Microsoft Excel was detected.
References:
CVE-2010-0257
MS10-017
Back to top

MS10-017 Microsoft-Office-Excel-Xlsx-File-Parsing-Code-Execution

About this vulnerability: A vulnerability in Microsoft Office Compatibility Pack
Risk: Moderate
First detected in: sgpkg-ips-414-4219
Last changed: sgpkg-ips-518-5211
Platform: Generic
Software: Microsoft Excel
Type: Malfunction
Description: A code execution vulnerability exists in Microsoft Office Excel. The vulnerability is due to improper handling of the ZIP header in an XLSX file when decompressing certain XML elements. This vulnerability may be exploited by remote attackers to execute arbitrary code on the target machine by enticing a user into opening a specially crafted Excel XLSX document. In attack scenarios where code execution is successful the behaviour of the target machine would depend entirely on the intention of the injected code, which would run within the security context of the logged on user. In situations where code execution is not successful, the vulnerable application may terminate abnormally, leading to a denial of service condition.
SituationFile-Zip_Microsoft-Office-Excel-Xlsx-File-Parsing-Code-Execution
Comment: An attempt to exploit a vulnerability in Microsoft Office Compatibility Pack detected
Description: A code execution vulnerability exists in Microsoft Office Excel. The vulnerability is due to improper handling of the ZIP header in an XLSX file when decompressing certain XML elements. This vulnerability may be exploited by remote attackers to execute arbitrary code on the target machine by enticing a user into opening a specially crafted Excel XLSX document. In attack scenarios where code execution is successful the behaviour of the target machine would depend entirely on the intention of the injected code, which would run within the security context of the logged on user. In situations where code execution is not successful, the vulnerable application may terminate abnormally, leading to a denial of service condition.
References:
CVE-2010-0263
MS10-017
Back to top

MS10-016 Microsoft-Windows-Movie-Maker-And-Producer-Buffer-Overflow

About this vulnerability: A vulnerability in Microsoft Producer
Risk: Moderate
First detected in: sgpkg-ips-389-4219
Last changed: sgpkg-ips-518-5211
Platform: Windows
Software: Microsoft Producer; Microsoft Windows Movie Maker
Type: Buffer Overflow
Description: A buffer overflow vulnerability exists in Microsoft Windows Movie Maker and Microsoft Producer. The flaw is due to the way the affected products parse maliciously crafted project files. A remote attacker can leverage this vulnerability by enticing a target user to open a malicious file. A successful attack can result in the injection and execution of arbitrary code on a target system. The resulting code would execute within the security context of the logged in user. In an unsuccessful attack, the affected application may abnormally terminate.
SituationHTTP_SS-Microsoft-Windows-Movie-Maker-And-Producer-Buffer-Overflow
Comment: An attempt to exploit a vulnerability in Microsoft Producer detected
Description: A buffer overflow vulnerability exists in Microsoft Windows Movie Maker and Microsoft Producer. The flaw is due to the way the affected products parse maliciously crafted project files. A remote attacker can leverage this vulnerability by enticing a target user to open a malicious file. A successful attack can result in the injection and execution of arbitrary code on a target system. The resulting code would execute within the security context of the logged in user. In an unsuccessful attack, the affected application may abnormally terminate.
SituationFile-OLE_Microsoft-Windows-Movie-Maker-And-Producer-Buffer-Overflow
Comment: An attempt to exploit a vulnerability in Microsoft Producer detected
Description: A buffer overflow vulnerability exists in Microsoft Windows Movie Maker and Microsoft Producer. The flaw is due to the way the affected products parse maliciously crafted project files. A remote attacker can leverage this vulnerability by enticing a target user to open a malicious file. A successful attack can result in the injection and execution of arbitrary code on a target system. The resulting code would execute within the security context of the logged in user. In an unsuccessful attack, the affected application may abnormally terminate.
References:
CVE-2010-0265
BID-38515
MS10-016
Back to top

MS10-013 Microsoft-DirectShow-Heap-Overflow

About this vulnerability: A vulnerability in Microsoft DirectShow
Risk: High
First detected in: sgpkg-ips-283-4219
Last changed: sgpkg-ips-518-5211
Platform: Windows 2000; Windows XP; Windows 2003; Windows Vista; Windows 2008; Windows 7
Software: <os>
Type: Input Validation
Description: There is a vulnerability in Microsoft DirectShow.
SituationHTTP_SS-Microsoft-DirectShow-Heap-Overflow
Comment: An attempt to exploit a vulnerability in Microsoft DirectShow detected
Description: An attempt to exploit a vulnerability in Microsoft DirectShow was detected.
SituationFile-RIFF_Microsoft-DirectShow-Heap-Overflow
Comment: An attempt to exploit a vulnerability in Microsoft DirectShow detected
Description: An attempt to exploit a vulnerability in Microsoft DirectShow was detected.
References:
CVE-2010-0250
BID-38112
MS10-013
Back to top

MS10-012 Microsoft-Windows-SMB-Server-Denial-Of-Service-CVE-2010-0022

About this vulnerability: A denial of service vulnerability in Microsoft Windows SMB server
Risk: High
First detected in: sgpkg-ips-283-4219
Last changed: sgpkg-ips-545-5211
Platform: Windows
Software: <os>
Type: Malfunction
Description: There is a denial of service vulnerability in Microsoft Windows SMB server.
SituationSMB-TCP_Microsoft-Windows-SMB-Server-Denial-Of-Service-CVE-2010-0022
Comment: An attempt to exploit a denial of service vulnerability in Microsoft Windows SMB server detected
Description: An attempt to exploit a denial of service vulnerability in Microsoft Windows SMB server has been detected.
References:
CVE-2010-0022
MS10-012
Back to top

MS10-012 Microsoft-Windows-SMB-Server-Ntlm-Authentication-Lack-Of-Entropy

About this vulnerability: An NTLM authentication bypass vulnerability in Microsoft Windows SMB server
Risk: High
First detected in: sgpkg-ips-284-4219
Last changed: sgpkg-ips-545-5211
Platform: Windows
Software: <os>
Type: Malfunction
Description: There is an NTLM authentication bypass vulnerability in Microsoft Windows SMB server. A remote unauthenticated attacker can exploit this vulnerability to access the SMB service under the credentials of an authorized user. Depending on the privileges of the user and the system configuration, an attacker may obtain read/write access to the files system and execute arbitrary code by deploying DCE/RPC over SMB.
SituationAnalyzer_Microsoft-Windows-Smb-Server-Ntlm-Authentication-Bypass-CVE-2010-0231
Comment: NTLM authentication bypass attack against Microsoft Windows SMB server detected
Description: An attempt to exploit an NTLM authentication lack of entropy vulnerability (CVE-2010-0231) in Microsoft Windows SMB server has been detected.
References:
CVE-2010-0231
MS10-012
Back to top

MS10-012 Microsoft-Windows-SMB-Server-Remote-Code-Execution-CVE-2010-0020

About this vulnerability: A buffer overflow vulnerability in Microsoft Windows SMB server
Risk: High
First detected in: sgpkg-ips-283-4219
Last changed: sgpkg-ips-545-5211
Platform: Windows
Software: <os>
Type: Buffer Overflow
Description: There is a buffer overflow vulnerability in Microsoft Windows SMB server. An authenticated remote attacker can send specially crafted SMB packets to compromise the vulnerable system.
SituationSMB-TCP_CHS-Microsoft-Windows-SMB-Server-Remote-Code-Execution-MS10-012
Comment: An attempt to exploit a buffer overflow vulnerability in Microsoft Windows SMB server detected
Description: An attempt to exploit a buffer overflow vulnerability in Microsoft Windows SMB server has been detected.
References:
CVE-2010-0020
BID-38049
MS10-012
Back to top

MS10-009 Microsoft-Windows-Ipv6-Router-Advertisement-Stack-Buffer-Overflow

About this vulnerability: A vulnerability in Microsoft Windows
Risk: High
First detected in: sgpkg-ips-413-4219
Last changed: sgpkg-ips-545-5211
Platform: Windows
Software: <os>
Type: Buffer Overflow
Description: A stack buffer overflow vulnerability exists in Microsoft Windows TCP/IP stack. The vulnerability is due to insufficient bounds checking when handling incoming IPv6 Router Advertisement packets. This vulnerability may be exploited by remote unauthenticated attackers by sending specially crafted packets to the affected host. In attack scenarios where code execution is successful the behaviour of the target machine is completely dependent on the intention of the injected code, which will run in the kernel security context. In cases where code execution is not successful the affected product may terminate abnormally to cause a deny of service condition.
SituationIP_Length-Inconsistency
Comment: IP packet with extra padding
Description: An IP packet with extra padding was detected. An ethernet frame with an IP packet contains extra padding after the IP header. This type of IP datagram should not be generated according to the TCP/IP specifications. Note: This situation is made from invalid packet, so all other matching constraints than the situation id is ignored and action with routed packets is always discard, because engine must not route invalid packets. With non routed link-layer packets if action is permit this packet is then passed without any other processing. Also please note that this situation must be correlated in the log server context. Risk analysis: Risk level is low. The packet was either corrupted in transit or it was crafted manually. However, all hosts tend to ignore such extra padding. Most relevant log fields: "Eth frame length" shows the length of the Ethernet frame that encapsulates the IP datagram. "IP offset" shows the number of bytes in the Ethernet header preceding the IP datagram. "IP total length" shows the total length of the IP datagram.
References:
CVE-2010-0239
MS10-009
Back to top

MS10-008 Microsoft-Data-Analyzer-ActiveX-Control-Code-Execution-CVE-2010-0252

About this vulnerability: A code execution vulnerability in the Microsoft Data Analyzer ActiveX Control
Risk: High
First detected in: sgpkg-ips-282-4219
Last changed: sgpkg-ips-518-5211
Platform: Windows
Software: <os>
Type: Malfunction
Description: There is a remote code execution vulnerability in the Microsoft Data Analyzer ActiveX Control.
SituationHTTP_SS-Microsoft-Data-Analyzer-ActiveX-Control-Code-Execution-CVE-2010-0252
Comment: An attempt to exploit a code execution vulnerability in the Microsoft Data Analyzer ActiveX Control detected
Description: An attempt to exploit a code execution vulnerability in the Microsoft Data Analyzer ActiveX Control has been detected.
SituationFile-Text_Microsoft-Data-Analyzer-ActiveX-Control-Code-Execution-CVE-2010-0252
Comment: An attempt to exploit a code execution vulnerability in the Microsoft Data Analyzer ActiveX Control detected
Description: An attempt to exploit a code execution vulnerability in the Microsoft Data Analyzer ActiveX Control has been detected.
References:
CVE-2010-0252
MS10-008
Back to top

MS10-007 Microsoft-Internet-Explorer-Url-Validation

About this vulnerability: A vulnerability in Microsoft Windows
Risk: High
First detected in: sgpkg-ips-281-4219
Last changed: sgpkg-ips-518-5211
Platform: Windows
Software: Internet Explorer 5.0; Internet Explorer 6.0; Internet Explorer 7.0; Internet Explorer 8.0
Type: Input Validation
Description: There is a vulnerability in Microsoft Internet Explorer.
SituationHTTP_SS-Microsoft-Internet-Explorer-Url-Validation
Comment: An attempt to exploit a vulnerability in Microsoft Internet Explorer detected
Description: An attempt to exploit a vulnerability in Microsoft Internet Explorer was detected.
SituationFile-Text_Microsoft-Internet-Explorer-Url-Validation
Comment: An attempt to exploit a vulnerability in Microsoft Internet Explorer detected
Description: An attempt to exploit a vulnerability in Microsoft Internet Explorer was detected.
References:
CVE-2010-0027
MS10-007
Back to top

MS10-006 Microsoft-Windows-SMB-Client-Pool-Corruption

About this vulnerability: A vulnerability in Microsoft Windows
Risk: High
First detected in: sgpkg-ips-281-4219
Last changed: sgpkg-ips-545-5211
Platform: Windows 2000; Windows XP; Windows 2003
Software: <os>
Type: Input Validation
Description: There is a vulnerability in Microsoft Windows.
SituationSMB-TCP_Microsoft-Windows-SMB-Client-Pool-Corruption
Comment: An attempt to exploit a vulnerability in Microsoft Windows detected
Description: An attempt to exploit a vulnerability in Microsoft Windows was detected.
References:
CVE-2010-0016
MS10-006
Back to top

MS10-006 Microsoft-Windows-SMB-Client-Race-Condition

About this vulnerability: A vulnerability in Microsoft Windows
Risk: High
First detected in: sgpkg-ips-287-4219
Last changed: sgpkg-ips-545-5211
Platform: Windows Vista; Windows 2008; Windows 7
Software: <os>
Type: Input Validation
Description: There is a vulnerability in Microsoft Windows.
SituationSMB-TCP_Microsoft-Windows-SMB-Client-Race-Condition
Comment: An attempt to exploit a vulnerability in Microsoft Windows detected
Description: An attempt to exploit a vulnerability in Microsoft Windows was detected.
References:
CVE-2010-0017
MS10-006
Back to top

MS10-005 Microsoft-Paint-JPEG-Image-Parsing-Integer-Overflow

About this vulnerability: A vulnerability in Microsoft Windows
Risk: Moderate
First detected in: sgpkg-ips-395-4219
Last changed: sgpkg-ips-518-5211
Platform: Windows
Software: <os>
Type: Integer Overflow
Description: An integer overflow vulnerability exists in Microsoft Paint, shipped with various versions of Microsoft Windows. The vulnerability is due to an input validation error while parsing specially crafted JPEG image files. Remote attackers can exploit this vulnerability by enticing target users to open maliciously crafted JPEG image files in a vulnerable version of MS Paint. Successful exploitation would cause a heap buffer overflow that can lead to arbitrary code execution in the security context of the logged in user. In an unsuccessful attack, the affected application may abnormally terminate.
SituationHTTP_SS-Microsoft-Paint-JPEG-Image-Parsing-Integer-Overflow
Comment: An attempt to exploit a vulnerability in Microsoft Windows detected
Description: An integer overflow vulnerability exists in Microsoft Paint, shipped with various versions of Microsoft Windows. The vulnerability is due to an input validation error while parsing specially crafted JPEG image files. Remote attackers can exploit this vulnerability by enticing target users to open maliciously crafted JPEG image files in a vulnerable version of MS Paint. Successful exploitation would cause a heap buffer overflow that can lead to arbitrary code execution in the security context of the logged in user. In an unsuccessful attack, the affected application may abnormally terminate.
SituationFile-JPEG_Microsoft-Paint-JPEG-Image-Parsing-Integer-Overflow
Comment: An attempt to exploit a vulnerability in Microsoft Windows detected
Description: An integer overflow vulnerability exists in Microsoft Paint, shipped with various versions of Microsoft Windows. The vulnerability is due to an input validation error while parsing specially crafted JPEG image files. Remote attackers can exploit this vulnerability by enticing target users to open maliciously crafted JPEG image files in a vulnerable version of MS Paint. Successful exploitation would cause a heap buffer overflow that can lead to arbitrary code execution in the security context of the logged in user. In an unsuccessful attack, the affected application may abnormally terminate.
References:
CVE-2010-0028
BID-38042
MS10-005
Back to top

MS10-004 Microsoft-Office-PowerPoint-Remote-Code-Execution-CVE-2010-0029

About this vulnerability: Code execution vulnerability in Microsoft PowerPoint
Risk: High
First detected in: sgpkg-ips-284-4219
Last changed: sgpkg-ips-545-5211
Platform: Any Operating System
Software: Microsoft PowerPoint
Type: Buffer Overflow
Description: There is a buffer overflow vulnerability in Microsoft PowerPoint. By persuading a target user to open a maliciously named Microsoft PowerPoint file with a vulnerable version of the affected product, a remote attacker can execute arbitrary code with the privileges of the currently logged in user.
SituationHTTP_CSU-Microsoft-Office-PowerPoint-Remote-Code-Execution-CVE-2010-0029
Comment: A maliciously named ppt file detected
Description: A maliciously named ppt file has been detected. Opening such a file with the affected product may result in a stack buffer overflow.
SituationHTTP_SHS-Microsoft-Office-PowerPoint-Remote-Code-Execution-CVE-2010-0029
Comment: A maliciously named ppt file detected
Description: A maliciously named ppt file has been detected. Opening such a file with the affected product may result in a stack buffer overflow.
References:
CVE-2010-0029
MS10-004
Back to top

MS10-004 Microsoft-Office-PowerPoint-Remote-Code-Execution-CVE-2010-0031

About this vulnerability: Code execution vulnerability in Microsoft PowerPoint
Risk: High
First detected in: sgpkg-ips-281-4219
Last changed: sgpkg-ips-545-5211
Platform: Any Operating System
Software: Microsoft PowerPoint
Type: Malfunction
Description: There is a code execution vulnerability in Microsoft PowerPoint. By persuading a target user to open a malicious Microsoft PowerPoint file with a vulnerable version of the affected product, a remote attacker can execute arbitrary code with the privileges of the currently logged in user.
SituationHTTP_SS-Microsoft-Office-PowerPoint-Remote-Code-Execution-CVE-2010-0031
Comment: A malicious Microsoft PowerPoint document targeting CVE-2010-0031 over HTTP detected
Description: A malicious Microsoft PowerPoint document targeting CVE-2010-0031 over HTTP has been detected.
SituationE-Mail_BS-Microsoft-Office-PowerPoint-Remote-Code-Execution-CVE-2010-0031
Comment: A malicious Microsoft PowerPoint document targeting CVE-2010-0031 detected as an e-mail attachment
Description: A malicious Microsoft PowerPoint document targeting CVE-2010-0031 has been detected as an e-mail attachment.
SituationFile-OLE_Microsoft-Office-PowerPoint-Remote-Code-Execution-CVE-2010-0031
Comment: A malicious Microsoft PowerPoint document targeting CVE-2010-0031 over HTTP detected
Description: A malicious Microsoft PowerPoint document targeting CVE-2010-0031 over HTTP has been detected.
References:
CVE-2010-0031
MS10-004
Back to top

MS10-004 Microsoft-Office-PowerPoint-Remote-Code-Execution-CVE-2010-0032

About this vulnerability: Code execution vulnerability in Microsoft PowerPoint
Risk: High
First detected in: sgpkg-ips-281-4219
Last changed: sgpkg-ips-545-5211
Platform: Any Operating System
Software: Microsoft PowerPoint
Type: Malfunction
Description: There is a code execution vulnerability in Microsoft PowerPoint. By persuading a target user to open a malicious Microsoft PowerPoint file with a vulnerable version of the affected product, a remote attacker can execute arbitrary code with the privileges of the currently logged in user.
SituationHTTP_SS-Microsoft-Office-PowerPoint-Remote-Code-Execution-CVE-2010-0032
Comment: A malicious Microsoft PowerPoint document targeting CVE-2010-0032 over HTTP detected
Description: A malicious Microsoft PowerPoint document targeting CVE-2010-0032 over HTTP has been detected.
SituationE-Mail_BS-Microsoft-Office-PowerPoint-Remote-Code-Execution-CVE-2010-0032
Comment: A malicious Microsoft PowerPoint document targeting CVE-2010-0032 detected as an e-mail attachment
Description: A malicious Microsoft PowerPoint document targeting CVE-2010-0032 has been detected as an e-mail attachment.
SituationFile-OLE_Microsoft-Office-PowerPoint-Remote-Code-Execution-CVE-2010-0032
Comment: A malicious Microsoft PowerPoint document targeting CVE-2010-0032 over HTTP detected
Description: A malicious Microsoft PowerPoint document targeting CVE-2010-0032 over HTTP has been detected.
References:
CVE-2010-0032
MS10-004
Back to top

MS10-004 Microsoft-Office-PowerPoint-Remote-Code-Execution-CVE-2010-0033

About this vulnerability: Code execution vulnerability in Microsoft PowerPoint
Risk: High
First detected in: sgpkg-ips-281-4219
Last changed: sgpkg-ips-545-5211
Platform: Any Operating System
Software: Microsoft PowerPoint
Type: Malfunction
Description: There is a code execution vulnerability in Microsoft PowerPoint. By persuading a target user to open a malicious Microsoft PowerPoint file with a vulnerable version of the affected product, a remote attacker can execute arbitrary code with the privileges of the currently logged in user.
SituationHTTP_SS-Microsoft-Office-PowerPoint-Remote-Code-Execution-CVE-2010-0033
Comment: A malicious Microsoft PowerPoint document targeting CVE-2010-0033 over HTTP detected
Description: A malicious Microsoft PowerPoint document targeting CVE-2010-0033 over HTTP has been detected.
SituationE-Mail_BS-Microsoft-Office-PowerPoint-Remote-Code-Execution-CVE-2010-0033
Comment: A malicious Microsoft PowerPoint document targeting CVE-2010-0033 detected as an e-mail attachment
Description: A malicious Microsoft PowerPoint document targeting CVE-2010-0033 has been detected as an e-mail attachment.
SituationFile-OLE_Microsoft-Office-PowerPoint-Remote-Code-Execution-CVE-2010-0033
Comment: A malicious Microsoft PowerPoint document targeting CVE-2010-0033 over HTTP detected
Description: A malicious Microsoft PowerPoint document targeting CVE-2010-0033 over HTTP has been detected.
References:
CVE-2010-0033
MS10-004
Back to top

MS10-004 Microsoft-Office-PowerPoint-Remote-Code-Execution-CVE-2010-0034

About this vulnerability: Code execution vulnerability in Microsoft PowerPoint
Risk: High
First detected in: sgpkg-ips-282-4219
Last changed: sgpkg-ips-545-5211
Platform: Any Operating System
Software: Microsoft PowerPoint
Type: Malfunction
Description: There is a code execution vulnerability in Microsoft PowerPoint. By persuading a target user to open a malicious Microsoft PowerPoint file with a vulnerable version of the affected product, a remote attacker can execute arbitrary code with the privileges of the currently logged in user.
SituationHTTP_SS-Microsoft-Office-PowerPoint-Remote-Code-Execution-CVE-2010-0034
Comment: A malicious Microsoft PowerPoint document targeting CVE-2010-0034 over HTTP detected
Description: A malicious Microsoft PowerPoint document targeting CVE-2010-0034 over HTTP has been detected.
SituationE-Mail_BS-Microsoft-Office-PowerPoint-Remote-Code-Execution-CVE-2010-0034
Comment: A malicious Microsoft PowerPoint document targeting CVE-2010-0034 detected as an e-mail attachment
Description: A malicious Microsoft PowerPoint document targeting CVE-2010-0034 has been detected as an e-mail attachment.
SituationFile-OLE_Microsoft-Office-PowerPoint-Remote-Code-Execution-CVE-2010-0034
Comment: A malicious Microsoft PowerPoint document targeting CVE-2010-0034 over HTTP detected
Description: A malicious Microsoft PowerPoint document targeting CVE-2010-0034 over HTTP has been detected.
References:
CVE-2010-0034
MS10-004
Back to top

MS10-003 Microsoft-Office-MSO-Buffer-Overflow

About this vulnerability: A vulnerability in Microsoft Internet Explorer
Risk: High
First detected in: sgpkg-ips-281-4219
Last changed: sgpkg-ips-518-5211
Platform: Windows
Software: Microsoft Office XP; Microsoft Office 2004
Type: Input Validation
Description: There is a buffer overflow vulnerability in Microsoft Office.
SituationHTTP_SS-Microsoft-Office-MSO-Buffer-Overflow
Comment: An attempt to exploit a vulnerability in Microsoft Office detected
Description: An attempt to exploit a vulnerability in Microsoft Office was detected.
SituationFile-OLE_Microsoft-Office-MSO-Buffer-Overflow
Comment: An attempt to exploit a vulnerability in Microsoft Office detected
Description: An attempt to exploit a vulnerability in Microsoft Office was detected.
References:
CVE-2010-0243
MS10-003
Back to top

MS10-002 Microsoft-Internet-Explorer-DOM-Mergeattributes-Memory-Corruption

About this vulnerability: A vulnerability in Microsoft Internet Explorer
Risk: Moderate
First detected in: sgpkg-ips-411-4219
Last changed: sgpkg-ips-518-5211
Platform: Windows
Software: Internet Explorer
Type: Malfunction
Description: A memory corruption vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to insufficient input validation in the DOM mergeAttributes script method. A remote attacker can exploit this vulnerability by enticing a target user to open a maliciously crafted HTML document. In a sophisticated attack where code injection is successful, the behaviour of the target host is entirely dependent on the intended function of the injected code. The injected code, in this case, would execute within the security context of the currently logged in user. If such an attack is not executed successfully, the vulnerable application may terminate abnormally.
SituationFile-Text_Microsoft-Internet-Explorer-DOM-Mergeattributes-Memory-DOS
Comment: An attempt to exploit a vulnerability in Microsoft Internet Explorer detected
Description: A memory corruption vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to insufficient input validation in the DOM mergeAttributes script method. A remote attacker can exploit this vulnerability by enticing a target user to open a maliciously crafted HTML document. In a sophisticated attack where code injection is successful, the behaviour of the target host is entirely dependent on the intended function of the injected code. The injected code, in this case, would execute within the security context of the currently logged in user. If such an attack is not executed successfully, the vulnerable application may terminate abnormally.
SituationFile-Text_Microsoft-Internet-Explorer-DOM-Mergeattributes-Memory-Corruption
Comment: An attempt to exploit a vulnerability in Microsoft Internet Explorer detected
Description: A memory corruption vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to insufficient input validation in the DOM mergeAttributes script method. A remote attacker can exploit this vulnerability by enticing a target user to open a maliciously crafted HTML document. In a sophisticated attack where code injection is successful, the behaviour of the target host is entirely dependent on the intended function of the injected code. The injected code, in this case, would execute within the security context of the currently logged in user. If such an attack is not executed successfully, the vulnerable application may terminate abnormally.
References:
CVE-2010-0247
MS10-002
Back to top

MS10-002 Microsoft-Internet-Explorer-HTML-Object-Memory-Corruption-CVE-2010-0248

About this vulnerability: A vulnerability in Microsoft Internet Explorer
Risk: High
First detected in: sgpkg-ips-279-4219
Last changed: sgpkg-ips-518-5211
Platform: Windows 2000; Windows XP; Windows 2003; Windows Vista; Windows 2008; Windows 7
Software: Internet Explorer 6.0; Internet Explorer 7.0; Internet Explorer 8.0
Type: Input Validation
Description: There is a remote code execution vulnerability in Microsoft Internet Explorer.
SituationHTTP_SS-Microsoft-Internet-Explorer-HTML-Object-Memory-Corruption-CVE-2010-0248
Comment: An attempt to exploit a vulnerability in Microsoft Internet Explorer detected
Description: An attempt to exploit a vulnerability in Microsoft Internet Explorer was detected.
SituationFile-Text_Microsoft-Internet-Explorer-HTML-Object-CVE-2010-0248
Comment: An attempt to exploit a vulnerability in Microsoft Internet Explorer detected
Description: An attempt to exploit a vulnerability in Microsoft Internet Explorer was detected.
References:
CVE-2010-0248
MS10-002
Back to top

MS10-002 Microsoft-Internet-Explorer-Invalid-Pointer-Reference

About this vulnerability: A vulnerability in Microsoft Internet Explorer
Risk: High
First detected in: sgpkg-ips-275-4219
Last changed: sgpkg-ips-518-5211
Platform: Windows 2000; Windows XP; Windows 2003; Windows Vista; Windows 2008; Windows 7
Software: Internet Explorer 6.0; Internet Explorer 7.0; Internet Explorer 8.0
Type: Input Validation
Description: There is a remote code execution vulnerability in Microsoft Internet Explorer. This vulnerability is also know with alias Aurora.
SituationHTTP_SS-Microsoft-Internet-Explorer-Invalid-Pointer-Reference
Comment: An attempt to exploit a vulnerability in Microsoft Internet Explorer detected
Description: An attempt to exploit a vulnerability in Microsoft Internet Explorer was detected.
SituationFile-Text_Microsoft-Internet-Explorer-Invalid-Pointer-Reference
Comment: An attempt to exploit a vulnerability in Microsoft Internet Explorer detected
Description: An attempt to exploit a vulnerability in Microsoft Internet Explorer was detected.
References:
CVE-2010-0249
BID-37815
OSVDB-61697
MS10-002
Back to top

MS10-002 Microsoft-Internet-Explorer-Uninitialized-Memory-Corruption-CVE-2010-0244

About this vulnerability: A vulnerability in Microsoft Internet Explorer
Risk: High
First detected in: sgpkg-ips-279-4219
Last changed: sgpkg-ips-518-5211
Platform: Windows 2000; Windows XP; Windows 2003; Windows Vista; Windows 2008; Windows 7
Software: Internet Explorer 6.0; Internet Explorer 7.0; Internet Explorer 8.0
Type: Input Validation
Description: There is a remote code execution vulnerability in Microsoft Internet Explorer.
SituationHTTP_SS-Microsoft-Internet-Explorer-Memory-Corruption-CVE-2010-0244
Comment: An attempt to exploit a vulnerability in Microsoft Internet Explorer detected
Description: An attempt to exploit a vulnerability in Microsoft Internet Explorer was detected.
SituationFile-Text_Microsoft-Internet-Explorer-Memory-Corruption-CVE-2010-0244
Comment: An attempt to exploit a vulnerability in Microsoft Internet Explorer detected
Description: An attempt to exploit a vulnerability in Microsoft Internet Explorer was detected.
References:
CVE-2010-0244
MS10-002
Back to top

MS10-001 Microsoft-Windows-Embedded-OpenType-Font-Engine-Lzcomp-Integer-Overflow

About this vulnerability: A vulnerability in Microsoft Windows
Risk: Moderate
First detected in: sgpkg-ips-410-4219
Last changed: sgpkg-ips-518-5211
Platform: Windows
Software: <os>
Type: Buffer Overflow
Description: An integer overflow vulnerability has been reported in Microsoft Windows Embedded OpenType (EOT) Font Engine. The vulnerability is due to insufficient validation of an integer value while processing an EOT font compressed using the LZCOMP method. Remote attackers can exploit this vulnerability by enticing target users to view a maliciously crafted font in an application that utilizes the affected font engine, such as Internet Explorer and Microsoft Office products. Successful exploitation of this vulnerability would result in arbitrary code execution with the privileges of the logged in user. In case of an unsuccessful attack, the application using the affected font engine would terminate abnormally.
SituationFile-Binary_MS-Windows-Embedded-OpenType-Font-Engine-Lzcomp-IOF
Comment: An attempt to exploit a vulnerability in Microsoft Windows detected
Description: An integer overflow vulnerability has been reported in Microsoft Windows Embedded OpenType (EOT) Font Engine. The vulnerability is due to insufficient validation of an integer value while processing an EOT font compressed using the LZCOMP method. Remote attackers can exploit this vulnerability by enticing target users to view a maliciously crafted font in an application that utilizes the affected font engine, such as Internet Explorer and Microsoft Office products. Successful exploitation of this vulnerability would result in arbitrary code execution with the privileges of the logged in user. In case of an unsuccessful attack, the application using the affected font engine would terminate abnormally.
References:
CVE-2010-0018
BID-37671
OSVDB-61651
MS10-001
Back to top