Windows : Microsoft Bulletins : Microsoft Windows Shell Handler Could Allow Remote Code Execution Vulnerability (975713)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.900227

Categoría: Windows : Microsoft Bulletins

Título: Microsoft Windows Shell Handler Could Allow Remote Code Execution Vulnerability (975713)

Resumen: This host is missing a critical security update according to; Microsoft Bulletin MS10-007.

Descripción: Summary:
This host is missing a critical security update according to
Microsoft Bulletin MS10-007.

Vulnerability Insight:
An error exists due to incorrect validation of input sent to the ShellExecute
API function. Remote attacker could exploit this vulnerability to execute a
binary from the local client system by making a victim to click on a specially-crafted URL.

Vulnerability Impact:
Successful exploitation will allow remote attackers to execute a binary
from the local client system.

Affected Software/OS:
- Microsoft Windows 2K Service Pack 4 and prior

- Microsoft Windows XP Service Pack 3 and prior

- Microsoft Windows 2K3 Service Pack 2 and prior

Solution:
The vendor has released updates. Please see the references for more information.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-0027
Bugtraq: 20100209 ZDI-10-016: Microsoft Windows ShellExecute Improper Sanitization Code Execution Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/509470/100/0/threaded
Cert/CC Advisory: TA10-040A
http://www.us-cert.gov/cas/techalerts/TA10-040A.html
http://www.zerodayinitiative.com/advisories/ZDI-10-016/
Microsoft Security Bulletin: MS10-002
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-002
Microsoft Security Bulletin: MS10-007
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-007
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8464
XForce ISS Database: ie-url-code-execution(55773)
https://exchange.xforce.ibmcloud.com/vulnerabilities/55773

Copyright Copyright (C) 2010 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.900227
Categoría:	Windows : Microsoft Bulletins
Título:	Microsoft Windows Shell Handler Could Allow Remote Code Execution Vulnerability (975713)
Resumen:	This host is missing a critical security update according to; Microsoft Bulletin MS10-007.
Descripción:	Summary: This host is missing a critical security update according to Microsoft Bulletin MS10-007. Vulnerability Insight: An error exists due to incorrect validation of input sent to the ShellExecute API function. Remote attacker could exploit this vulnerability to execute a binary from the local client system by making a victim to click on a specially-crafted URL. Vulnerability Impact: Successful exploitation will allow remote attackers to execute a binary from the local client system. Affected Software/OS: - Microsoft Windows 2K Service Pack 4 and prior - Microsoft Windows XP Service Pack 3 and prior - Microsoft Windows 2K3 Service Pack 2 and prior Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-0027 Bugtraq: 20100209 ZDI-10-016: Microsoft Windows ShellExecute Improper Sanitization Code Execution Vulnerability (Google Search) http://www.securityfocus.com/archive/1/509470/100/0/threaded Cert/CC Advisory: TA10-040A http://www.us-cert.gov/cas/techalerts/TA10-040A.html http://www.zerodayinitiative.com/advisories/ZDI-10-016/ Microsoft Security Bulletin: MS10-002 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-002 Microsoft Security Bulletin: MS10-007 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-007 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8464 XForce ISS Database: ie-url-code-execution(55773) https://exchange.xforce.ibmcloud.com/vulnerabilities/55773
Copyright	Copyright (C) 2010 Greenbone AG