Computer Security

Microsoft Windows code execution
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Microsoft Windows code execution
updated since 10.02.2010
Published:17.02.2010
Source:MICROSOFT
SecurityVulns ID:10605
Type:client
Level:7/10
Description:URL code injection.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
CVE:CVE-2010-0027 (The URL validation functionality in Microsoft Internet Explorer 5.01, 6, 6 SP1, 7 and 8, and the ShellExecute API function in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, does not properly process input parameters, which allows remote attackers to execute arbitrary local programs via a crafted URL, aka "URL Validation Vulnerability.")
Original documentdocumentBrett Moore, Insomnia : ISVA-100216.1 - Windows URL Handling Vulnerability (17.02.2010)
 documentZDI, ZDI-10-016: Microsoft Windows ShellExecute Improper Sanitization Code Execution Vulnerability (10.02.2010)
 documentMICROSOFT, Microsoft Security Bulletin MS10-007 - Critical Vulnerability in Windows Shell Handler Could Allow Remote Code Execution (975713) (10.02.2010)
Files:Microsoft Security Bulletin MS10-007 - Critical Vulnerability in Windows Shell Handler Could Allow Remote Code Execution (975713)
Discuss:Read or add your comments to this news (0 comments)
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru