← voltar
CVE-2010-0027

CVE-2010-0027

EPSS 34.0%
The URL validation functionality in Microsoft Internet Explorer 5.01, 6, 6 SP1, 7 and 8, and the ShellExecute API function in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, does not properly process input parameters, which allows remote attackers to execute arbitrary local programs via a crafted URL, aka "URL Validation Vulnerability."
Produtos afetados
n/a · n/a
PoCs públicas encontradas1
exploitdbwww.exploit-db.com/exploits/33552não verificado
⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-002https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-007https://exchange.xforce.ibmcloud.com/vulnerabilities/55773https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8464http://www.securityfocus.com/archive/1/509470/100/0/threadedhttp://www.us-cert.gov/cas/techalerts/TA10-040A.htmlhttp://www.zerodayinitiative.com/advisories/ZDI-10-016/