cvelistv5 - cve-2010-0019

CVE-2010-0019 (GCVE-0-2010-0019)

Vulnerability from cvelistv5

Published

2010-08-11 18:00

Modified

2024-08-07 00:37

Severity ?

CWE

Summary

References

URL

	Vendor	Product	Version
	n/a	n/a	Version: n/a

ghsa-7xgr-cxmr-5q3f

Vulnerability from github

Published

2022-05-02 06:09

Modified

2022-05-02 06:09

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2010-0019"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-94"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2010-08-11T18:47:00Z",
    "severity": "HIGH"
  },
  "details": "Microsoft Silverlight 3 before 3.0.50611.0 on Windows, and before 3.0.41130.0 on Mac OS X, does not properly handle pointers, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and framework outage) via a crafted web site, aka \"Microsoft Silverlight Memory Corruption Vulnerability.\"",
  "id": "GHSA-7xgr-cxmr-5q3f",
  "modified": "2022-05-02T06:09:44Z",
  "published": "2022-05-02T06:09:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0019"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-060"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA10-222A.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Microsoft Silverlight 3 before 3.0.50611.0 on Windows, and before 3.0.41130.0 on Mac OS X, does not properly handle pointers, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and framework outage) via a crafted web site, aka "Microsoft Silverlight Memory Corruption Vulnerability.". Microsoft Windows automatically executes code specified in shortcut (LNK and PIF) files. Microsoft Silverlight ActiveX control is prone to a remote memory-corruption vulnerability. An attacker can exploit this issue by enticing an unsuspecting user to view a malicious webpage. Successful exploits will allow the attacker to execute arbitrary code within the context of the application (typically Internet Explorer) that uses the ActiveX control. ----------------------------------------------------------------------

"From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420."

Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more:

http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf

TITLE: Microsoft Windows Shell Shortcut Parsing Vulnerability

SECUNIA ADVISORY ID: SA40647

VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40647/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40647

RELEASE DATE: 2010-07-17

DISCUSS ADVISORY: http://secunia.com/advisories/40647/#comments

AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)

http://secunia.com/advisories/40647/

ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS

https://ca.secunia.com/?page=viewadvisory&vuln_id=40647

ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING

http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

DESCRIPTION: A vulnerability has been reported in Windows, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an error in Windows Shell when parsing shortcuts (.lnk) as certain parameters are not properly validated when attempting to load the icon. This can be exploited to automatically execute a program via a specially crafted shortcut.

Successful exploitation requires that a user is e.g. tricked into inserting a removable media (when AutoPlay is enabled) or browse to the root folder of the removable media (when AutoPlay is disabled) using Windows Explorer or a similar file manager. Exploitation may also be possible via network shares and WebDAV shares.

NOTE: This is currently being actively exploited in the wild via infected USB drives.

SOLUTION: The vendor recommends disabling the displaying of icons for shortcuts (please see the Microsoft security advisory for details).

PROVIDED AND/OR DISCOVERED BY: Reported as a 0-day.

ORIGINAL ADVISORY: Microsoft: http://www.microsoft.com/technet/security/advisory/2286198.mspx

OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

                National Cyber Alert System

          Technical Cyber Security Alert TA10-222A

Microsoft Updates for Multiple Vulnerabilities

Original release date: August 10, 2010 Last revised: -- Source: US-CERT

Systems Affected

 * Microsoft Windows
 * Microsoft Office
 * Internet Explorer
 * Microsoft .NET Framework
 * Microsoft Silverlight

Overview

Microsoft has released updates to address vulnerabilities in Microsoft Windows, Microsoft Office, Internet Explorer, Microsoft .NET Framework, and Microsoft Silverlight.

I. Description

The Microsoft Security Bulletin Summary for August 2010 describes multiple vulnerabilities in Microsoft Windows, Microsoft Office, Internet Explorer, Microsoft .NET framework, and Microsoft Silverlight. Microsoft has released updates to address the vulnerabilities.

One of the bulletins released, MS10-046, addresses a previously identified vulnerability in the Windows Shell that is actively being exploited. This vulnerability was also described in US-CERT Vulnerability Note VU#940193.

II.

III. Solution

Apply updates

Microsoft has provided updates for these vulnerabilities in the Microsoft Security Bulletin Summary for August 2010. The security bulletin describes any known issues related to the updates. Administrators are encouraged to note these issues and test for any potentially adverse effects. Administrators should consider using an automated update distribution system such as Windows Server Update Services (WSUS).

IV. References

Microsoft Security Bulletin Summary for August 2010 - http://www.microsoft.com/technet/security/bulletin/ms10-aug.mspx
Microsoft Security Bulletin MS10-046 - http://www.microsoft.com/technet/security/bulletin/MS10-046.mspx
US-CERT Vulnerability Note VU#940193 - http://www.kb.cert.org/vuls/id/940193
Microsoft Windows Server Update Services - http://technet.microsoft.com/en-us/wsus/default.aspx

The most recent version of this document can be found at:

 <http://www.us-cert.gov/cas/techalerts/TA10-222A.html>

Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA10-222A Feedback VU#505527" in the subject.

For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.

Produced 2010 by US-CERT, a government organization.

 <http://www.us-cert.gov/legal.html>

Revision History

August 10, 2010: Initial release

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBTGGh8j6pPKYJORa3AQKsFggAsrzo1PtpJq5GtMwN1fOuAXXPVmbka/U9 5pskj1MKlXDjWzxC47AAaG4fu7EQ/6flgDhzEifg89Xjmh74abZcwhPxbKHM5Y6+ vgrCmSwINZ0wKiWVmpi3mhIQ4rrjd9N2Db82xtHSv4VRDqpZ3HQreNgV06YsnvAP 6up4qCfL2qKzV7tr2/sCEmbMsjhjc7UK1BNGu1YWNxmHL/ypPF5Mjy7w0FFuOAE8 at64g4/unlRWEi42L+yq/54k41wi3X7s8XecpWgHlgtX9I6kyHKu7QijFB7kOiUd ILCTNCoF5xYIJ4Pdwgsj73rtmHotoRR1uLCLLr1Aisgxluqm61CJpQ== =TqKf -----END PGP SIGNATURE----- .

1) An error in the way Silverlight handles pointers can be exploited to corrupt memory by tricking a user into visiting a web site containing specially crafted Silverlight content.

2) An error in the .NET Framework when the CLR (Common Language Runtime) handles delegates to virtual methods can be exploited by a specially crafted .NET application or Silverlight application to execute arbitrary unmanaged code.

SOLUTION: Apply patches. 2) The vendor credits Eamon Nerbonne

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201008-0028",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "silverlight",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "microsoft",
        "version": "3.0.40624.00"
      },
      {
        "model": "silverlight",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "microsoft",
        "version": "3.0.40818.0"
      },
      {
        "model": "silverlight",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "microsoft",
        "version": "3.0.40723.0"
      },
      {
        "model": "silverlight",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "3.0.50106.0"
      },
      {
        "model": "silverlight",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "3.0.40818.0"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "silverlight",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "3"
      },
      {
        "model": "silverlight",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "3.0.50106.0"
      },
      {
        "model": "silverlight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "3.0"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#940193"
      },
      {
        "db": "BID",
        "id": "42138"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001910"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201008-091"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-0019"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:microsoft:silverlight",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001910"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Carsten Book of the Mozilla Corporation",
    "sources": [
      {
        "db": "BID",
        "id": "42138"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2010-0019",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2010-0019",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "VHN-42624",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2010-0019",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#940193",
            "trust": 0.8,
            "value": "72.90"
          },
          {
            "author": "NVD",
            "id": "CVE-2010-0019",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201008-091",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-42624",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#940193"
      },
      {
        "db": "VULHUB",
        "id": "VHN-42624"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001910"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201008-091"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-0019"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Microsoft Silverlight 3 before 3.0.50611.0 on Windows, and before 3.0.41130.0 on Mac OS X, does not properly handle pointers, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and framework outage) via a crafted web site, aka \"Microsoft Silverlight Memory Corruption Vulnerability.\". Microsoft Windows automatically executes code specified in shortcut (LNK and PIF) files. Microsoft Silverlight ActiveX control is prone to a remote memory-corruption vulnerability. \nAn attacker can exploit this issue by enticing an unsuspecting user to view a malicious webpage. \nSuccessful exploits will allow the attacker to execute arbitrary code within the context of the application (typically Internet Explorer) that uses the ActiveX control. ----------------------------------------------------------------------\n\n\n\"From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420.\"\n\nNon-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more:\n\nhttp://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf\n\n\n----------------------------------------------------------------------\n\nTITLE:\nMicrosoft Windows Shell Shortcut Parsing Vulnerability\n\nSECUNIA ADVISORY ID:\nSA40647\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/40647/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=40647\n\nRELEASE DATE:\n2010-07-17\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/40647/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/40647/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=40647\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in Windows, which can be exploited\nby malicious people to compromise a user\u0027s system. \n\nThe vulnerability is caused due to an error in Windows Shell when\nparsing shortcuts (.lnk) as certain parameters are not properly\nvalidated when attempting to load the icon. This can be exploited to\nautomatically execute a program via a specially crafted shortcut. \n\nSuccessful exploitation requires that a user is e.g. tricked into\ninserting a removable media (when AutoPlay is enabled) or browse to\nthe root folder of the removable media (when AutoPlay is disabled)\nusing Windows Explorer or a similar file manager. Exploitation may\nalso be possible via network shares and WebDAV shares. \n\nNOTE: This is currently being actively exploited in the wild via\ninfected USB drives. \n\nSOLUTION:\nThe vendor recommends disabling the displaying of icons for shortcuts\n(please see the Microsoft security advisory for details). \n\nPROVIDED AND/OR DISCOVERED BY:\nReported as a 0-day. \n\nORIGINAL ADVISORY:\nMicrosoft:\nhttp://www.microsoft.com/technet/security/advisory/2286198.mspx\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n\n                    National Cyber Alert System\n\n              Technical Cyber Security Alert TA10-222A\n\n\nMicrosoft Updates for Multiple Vulnerabilities\n\n   Original release date: August 10, 2010\n   Last revised: --\n   Source: US-CERT\n\n\nSystems Affected\n\n     * Microsoft Windows\n     * Microsoft Office\n     * Internet Explorer\n     * Microsoft .NET Framework\n     * Microsoft Silverlight\n\n\nOverview\n\n   Microsoft has released updates to address vulnerabilities in\n   Microsoft Windows, Microsoft Office, Internet Explorer, Microsoft\n   .NET Framework, and Microsoft Silverlight. \n\n\nI. Description\n\n   The Microsoft Security Bulletin Summary for August 2010 describes\n   multiple vulnerabilities in Microsoft Windows, Microsoft Office,\n   Internet Explorer, Microsoft .NET framework, and Microsoft\n   Silverlight. Microsoft has released updates to address the\n   vulnerabilities. \n\n   One of the bulletins released, MS10-046, addresses a previously\n   identified vulnerability in the Windows Shell that is actively\n   being exploited.  This vulnerability was also described in US-CERT\n   Vulnerability Note VU#940193. \n\n\nII. \n\n\nIII. Solution\n\n   Apply updates\n\n   Microsoft has provided updates for these vulnerabilities in the\n   Microsoft Security Bulletin Summary for August 2010. The security\n   bulletin describes any known issues related to the updates. \n   Administrators are encouraged to note these issues and test for any\n   potentially adverse effects. Administrators should consider using\n   an automated update distribution system such as Windows Server\n   Update Services (WSUS). \n\n\nIV. References\n\n * Microsoft Security Bulletin Summary for August 2010 -\n   \u003chttp://www.microsoft.com/technet/security/bulletin/ms10-aug.mspx\u003e\n\n * Microsoft Security Bulletin MS10-046 -\n   \u003chttp://www.microsoft.com/technet/security/bulletin/MS10-046.mspx\u003e\n\n * US-CERT Vulnerability Note VU#940193 -\n   \u003chttp://www.kb.cert.org/vuls/id/940193\u003e\n\n * Microsoft Windows Server Update Services -\n   \u003chttp://technet.microsoft.com/en-us/wsus/default.aspx\u003e\n\n ____________________________________________________________________\n\n   The most recent version of this document can be found at:\n\n     \u003chttp://www.us-cert.gov/cas/techalerts/TA10-222A.html\u003e\n ____________________________________________________________________\n\n   Feedback can be directed to US-CERT Technical Staff. Please send\n   email to \u003ccert@cert.org\u003e with \"TA10-222A Feedback VU#505527\" in\n   the subject. \n ____________________________________________________________________\n\n   For instructions on subscribing to or unsubscribing from this\n   mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n   Produced 2010 by US-CERT, a government organization. \n\n   Terms of use:\n\n     \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\nRevision History\n\n  August 10, 2010: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (GNU/Linux)\n\niQEVAwUBTGGh8j6pPKYJORa3AQKsFggAsrzo1PtpJq5GtMwN1fOuAXXPVmbka/U9\n5pskj1MKlXDjWzxC47AAaG4fu7EQ/6flgDhzEifg89Xjmh74abZcwhPxbKHM5Y6+\nvgrCmSwINZ0wKiWVmpi3mhIQ4rrjd9N2Db82xtHSv4VRDqpZ3HQreNgV06YsnvAP\n6up4qCfL2qKzV7tr2/sCEmbMsjhjc7UK1BNGu1YWNxmHL/ypPF5Mjy7w0FFuOAE8\nat64g4/unlRWEi42L+yq/54k41wi3X7s8XecpWgHlgtX9I6kyHKu7QijFB7kOiUd\nILCTNCoF5xYIJ4Pdwgsj73rtmHotoRR1uLCLLr1Aisgxluqm61CJpQ==\n=TqKf\n-----END PGP SIGNATURE-----\n. \n\n1) An error in the way Silverlight handles pointers can be exploited\nto corrupt memory by tricking a user into visiting a web site\ncontaining specially crafted Silverlight content. \n\n2) An error in the .NET Framework when the CLR (Common Language\nRuntime) handles delegates to virtual methods can be exploited by a\nspecially crafted .NET application or Silverlight application to\nexecute arbitrary unmanaged code. \n\nSOLUTION:\nApply patches. \n2) The vendor credits Eamon Nerbonne",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2010-0019"
      },
      {
        "db": "CERT/CC",
        "id": "VU#940193"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001910"
      },
      {
        "db": "BID",
        "id": "42138"
      },
      {
        "db": "VULHUB",
        "id": "VHN-42624"
      },
      {
        "db": "PACKETSTORM",
        "id": "91929"
      },
      {
        "db": "PACKETSTORM",
        "id": "92657"
      },
      {
        "db": "PACKETSTORM",
        "id": "92586"
      }
    ],
    "trust": 2.97
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2010-0019",
        "trust": 2.8
      },
      {
        "db": "USCERT",
        "id": "TA10-222A",
        "trust": 2.0
      },
      {
        "db": "BID",
        "id": "42138",
        "trust": 1.2
      },
      {
        "db": "SECUNIA",
        "id": "40647",
        "trust": 0.9
      },
      {
        "db": "CERT/CC",
        "id": "VU#940193",
        "trust": 0.9
      },
      {
        "db": "SECUNIA",
        "id": "40872",
        "trust": 0.9
      },
      {
        "db": "BID",
        "id": "41732",
        "trust": 0.8
      },
      {
        "db": "USCERT",
        "id": "SA10-222A",
        "trust": 0.8
      },
      {
        "db": "VUPEN",
        "id": "ADV-2010-2057",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001910",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201008-091",
        "trust": 0.7
      },
      {
        "db": "MS",
        "id": "MS10-060",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-42624",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "91929",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "92657",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "92586",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#940193"
      },
      {
        "db": "VULHUB",
        "id": "VHN-42624"
      },
      {
        "db": "BID",
        "id": "42138"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001910"
      },
      {
        "db": "PACKETSTORM",
        "id": "91929"
      },
      {
        "db": "PACKETSTORM",
        "id": "92657"
      },
      {
        "db": "PACKETSTORM",
        "id": "92586"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201008-091"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-0019"
      }
    ]
  },
  "id": "VAR-201008-0028",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-42624"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T21:19:36.200000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "MS10-060",
        "trust": 0.8,
        "url": "http://www.microsoft.com/technet/security/bulletin/MS10-060.mspx"
      },
      {
        "title": "MS10-060",
        "trust": 0.8,
        "url": "http://www.microsoft.com/japan/technet/security/bulletin/ms10-060.mspx"
      },
      {
        "title": "MS10-060e",
        "trust": 0.8,
        "url": "http://www.microsoft.com/japan/security/bulletins/MS10-060e.mspx"
      },
      {
        "title": "TA10-222A",
        "trust": 0.8,
        "url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta10-222a.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001910"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-94",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-42624"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001910"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-0019"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.9,
        "url": "http://www.us-cert.gov/cas/techalerts/ta10-222a.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.microsoft.com/technet/security/advisory/2286198.mspx"
      },
      {
        "trust": 1.1,
        "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-060"
      },
      {
        "trust": 1.0,
        "url": "http://www.microsoft.com/technet/security/bulletin/ms10-060.mspx"
      },
      {
        "trust": 0.9,
        "url": "http://secunia.com/advisories/40647/"
      },
      {
        "trust": 0.8,
        "url": "http://www.microsoft.com/technet/security/bulletin/ms10-046.mspx"
      },
      {
        "trust": 0.8,
        "url": "http://support.microsoft.com/kb/2286198"
      },
      {
        "trust": 0.8,
        "url": "http://isc.sans.edu/diary.html?storyid=9190"
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/41732"
      },
      {
        "trust": 0.8,
        "url": "http://support.microsoft.com/kb/967715"
      },
      {
        "trust": 0.8,
        "url": "http://www.anti-virus.by/en/tempo.shtml"
      },
      {
        "trust": 0.8,
        "url": "http://krebsonsecurity.com/2010/07/experts-warn-of-new-windows-shortcut-flaw/"
      },
      {
        "trust": 0.8,
        "url": "http://www.f-secure.com/weblog/archives/new_rootkit_en.pdf"
      },
      {
        "trust": 0.8,
        "url": "http://www.f-secure.com/weblog/archives/00001986.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.f-secure.com/weblog/archives/00001987.html"
      },
      {
        "trust": 0.8,
        "url": "http://support.automation.siemens.com/ww/view/en/43876783"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0019"
      },
      {
        "trust": 0.8,
        "url": "http://www.jpcert.or.jp/at/2010/at100020.txt"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnta10-222a"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-0019"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/40872"
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/42138"
      },
      {
        "trust": 0.8,
        "url": "http://www.us-cert.gov/cas/alerts/sa10-222a.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.vupen.com/english/advisories/2010/2057"
      },
      {
        "trust": 0.8,
        "url": "http://www.npa.go.jp/cyberpolice/#topics"
      },
      {
        "trust": 0.6,
        "url": "http://www.nipc.org.cn/showvul.aspx?id=nipc-2010-2978"
      },
      {
        "trust": 0.3,
        "url": "http://www.microsoft.com"
      },
      {
        "trust": 0.3,
        "url": "http://support.microsoft.com/kb/240797"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/products/corporate/evm/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/vulnerability_scanning/personal/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/40647/#comments"
      },
      {
        "trust": 0.1,
        "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=40647"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/gfx/pdf/secunia_half_year_report_2010.pdf"
      },
      {
        "trust": 0.1,
        "url": "http://www.microsoft.com/technet/security/bulletin/ms10-046.mspx\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/cas/techalerts/ta10-222a.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/legal.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls/id/940193\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/cas/signup.html\u003e."
      },
      {
        "trust": 0.1,
        "url": "http://www.microsoft.com/technet/security/bulletin/ms10-aug.mspx\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://technet.microsoft.com/en-us/wsus/default.aspx\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://twitter.com/secunia"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/40872/#comments"
      },
      {
        "trust": 0.1,
        "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=40872"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/40872/"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#940193"
      },
      {
        "db": "VULHUB",
        "id": "VHN-42624"
      },
      {
        "db": "BID",
        "id": "42138"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001910"
      },
      {
        "db": "PACKETSTORM",
        "id": "91929"
      },
      {
        "db": "PACKETSTORM",
        "id": "92657"
      },
      {
        "db": "PACKETSTORM",
        "id": "92586"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201008-091"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-0019"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#940193"
      },
      {
        "db": "VULHUB",
        "id": "VHN-42624"
      },
      {
        "db": "BID",
        "id": "42138"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001910"
      },
      {
        "db": "PACKETSTORM",
        "id": "91929"
      },
      {
        "db": "PACKETSTORM",
        "id": "92657"
      },
      {
        "db": "PACKETSTORM",
        "id": "92586"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201008-091"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-0019"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2010-07-15T00:00:00",
        "db": "CERT/CC",
        "id": "VU#940193"
      },
      {
        "date": "2010-08-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-42624"
      },
      {
        "date": "2010-08-10T00:00:00",
        "db": "BID",
        "id": "42138"
      },
      {
        "date": "2010-09-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2010-001910"
      },
      {
        "date": "2010-07-18T11:49:03",
        "db": "PACKETSTORM",
        "id": "91929"
      },
      {
        "date": "2010-08-12T06:55:56",
        "db": "PACKETSTORM",
        "id": "92657"
      },
      {
        "date": "2010-08-10T09:26:56",
        "db": "PACKETSTORM",
        "id": "92586"
      },
      {
        "date": "2010-08-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201008-091"
      },
      {
        "date": "2010-08-11T18:47:49.813000",
        "db": "NVD",
        "id": "CVE-2010-0019"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2010-09-09T00:00:00",
        "db": "CERT/CC",
        "id": "VU#940193"
      },
      {
        "date": "2018-10-12T00:00:00",
        "db": "VULHUB",
        "id": "VHN-42624"
      },
      {
        "date": "2010-09-29T21:10:00",
        "db": "BID",
        "id": "42138"
      },
      {
        "date": "2010-09-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2010-001910"
      },
      {
        "date": "2010-08-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201008-091"
      },
      {
        "date": "2024-11-21T01:11:21.110000",
        "db": "NVD",
        "id": "CVE-2010-0019"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201008-091"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Microsoft Windows automatically executes code specified in shortcut files",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#940193"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "code injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201008-091"
      }
    ],
    "trust": 0.6
  }
}

fkie_cve-2010-0019

Vulnerability from fkie_nvd

Published

2010-08-11 18:47

Modified

2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
secure@microsoft.com	http://www.us-cert.gov/cas/techalerts/TA10-222A.html	US Government Resource
secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-060
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA10-222A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-060

Impacted products

Vendor	Product	Version
microsoft	silverlight	*
microsoft	silverlight	3.0.40624.00
microsoft	silverlight	3.0.40723.0
apple	mac_os_x	*
microsoft	silverlight	*
microsoft	silverlight	3.0.40624.00
microsoft	silverlight	3.0.40723.0
microsoft	silverlight	3.0.40818.0
microsoft	windows	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:silverlight:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "20B8341A-C2AC-4C81-A7E7-D79C8970027C",
              "versionEndIncluding": "3.0.40818.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:silverlight:3.0.40624.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D5F951F-6DCB-4651-A99A-C7237025E00C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:silverlight:3.0.40723.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FAAF6291-8E80-4DE5-820C-BA9778822194",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FF5999A-9D12-4CDD-8DE9-A89C10B2D574",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:silverlight:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D084CE43-A992-456C-A431-5D14EE6AF430",
              "versionEndIncluding": "3.0.50106.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:silverlight:3.0.40624.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D5F951F-6DCB-4651-A99A-C7237025E00C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:silverlight:3.0.40723.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FAAF6291-8E80-4DE5-820C-BA9778822194",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:silverlight:3.0.40818.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AB865CD-A8EC-4341-9DF8-D4D92351EE1D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Microsoft Silverlight 3 before 3.0.50611.0 on Windows, and before 3.0.41130.0 on Mac OS X, does not properly handle pointers, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and framework outage) via a crafted web site, aka \"Microsoft Silverlight Memory Corruption Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Microsoft Silverlight v3 anterior a v3.0.50611.0 en Windows, y anterior a v3.0.41130.0 en Mac OS X, no maneja punteros adecuadamente, lo que permite a atacantes remotos, ejecutar c\u00f3digo de su elecci\u00f3n o provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria e indisponibilidad del marco de trabajo o \"framework\") a trav\u00e9s de un sitio web manipulado. Tambi\u00e9n conocido como \"Microsoft Silverlight Memory Corruption Vulnerability.\""
    }
  ],
  "id": "CVE-2010-0019",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2010-08-11T18:47:49.813",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA10-222A.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-060"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA10-222A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-060"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTA-2010-AVI-376

Vulnerability from certfr_avis

Plusieurs vulnérabilités de Microsoft .NET Framework et Microsoft Silverlight permettent l'exécution de code arbitraire à distance.

Description

Deux vulnérabilités dans Microsoft .NET Framework et Microsoft Silverlight permettent l'exécution de code arbitraire à distance au moyen d'applications .NET ou de pages web spécialement conçues. Une personne malintentionnée peut également exécuter du code arbitraire s'il peut télécharger et exécuter une page ASP.NET sur un serveur IIS vulnérable.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	Microsoft .NET Framework 2.0 Service Pack 2 ;
Microsoft	N/A	Microsoft .NET Framework 3.5 Service Pack 1 ;
Microsoft	N/A	Microsoft Silverlight 3.
Microsoft	N/A	Microsoft .NET Framework 3.5 ;
Microsoft	N/A	Microsoft .NET Framework 3.5.1 ;
Microsoft	N/A	Microsoft Silverlight 2 ;

References

Title

Publication Time

gsd-2010-0019

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2010-0019

Aliases

CVE-2010-0019

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2010-0019",
    "description": "Microsoft Silverlight 3 before 3.0.50611.0 on Windows, and before 3.0.41130.0 on Mac OS X, does not properly handle pointers, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and framework outage) via a crafted web site, aka \"Microsoft Silverlight Memory Corruption Vulnerability.\"",
    "id": "GSD-2010-0019"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2010-0019"
      ],
      "details": "Microsoft Silverlight 3 before 3.0.50611.0 on Windows, and before 3.0.41130.0 on Mac OS X, does not properly handle pointers, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and framework outage) via a crafted web site, aka \"Microsoft Silverlight Memory Corruption Vulnerability.\"",
      "id": "GSD-2010-0019",
      "modified": "2023-12-13T01:21:29.130440Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2010-0019",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Microsoft Silverlight 3 before 3.0.50611.0 on Windows, and before 3.0.41130.0 on Mac OS X, does not properly handle pointers, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and framework outage) via a crafted web site, aka \"Microsoft Silverlight Memory Corruption Vulnerability.\""
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "TA10-222A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA10-222A.html"
          },
          {
            "name": "MS10-060",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-060"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:silverlight:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.0.40818.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:silverlight:3.0.40723.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:silverlight:3.0.40624.00:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:silverlight:3.0.40624.00:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:silverlight:3.0.40723.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:silverlight:3.0.40818.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:silverlight:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.0.50106.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2010-0019"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Microsoft Silverlight 3 before 3.0.50611.0 on Windows, and before 3.0.41130.0 on Mac OS X, does not properly handle pointers, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and framework outage) via a crafted web site, aka \"Microsoft Silverlight Memory Corruption Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-94"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "TA10-222A",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA10-222A.html"
            },
            {
              "name": "MS10-060",
              "refsource": "MS",
              "tags": [],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-060"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": true,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-10-12T21:56Z",
      "publishedDate": "2010-08-11T18:47Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2010-0019 (GCVE-0-2010-0019)

Vulnerability from cvelistv5

ghsa-7xgr-cxmr-5q3f

Vulnerability from github

var-201008-0028

Vulnerability from variot

fkie_cve-2010-0019

Vulnerability from fkie_nvd

CERTA-2010-AVI-376

Vulnerability from certfr_avis

Description

Solution

gsd-2010-0019

Vulnerability from gsd

Tags

Sightings

Nomenclature