ID

VAR-201008-0131


CVE

CVE-2010-1898


TITLE

Microsoft Windows automatically executes code specified in shortcut files

Trust: 0.8

sources: CERT/CC: VU#940193

DESCRIPTION

The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP1, 2.0 SP2, 3.5, 3.5 SP1, and 3.5.1, and Microsoft Silverlight 2 and 3 before 3.0.50611.0 on Windows and before 3.0.41130.0 on Mac OS X, does not properly handle interfaces and delegations to virtual methods, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft Silverlight and Microsoft .NET Framework CLR Virtual Method Delegate Vulnerability.". Microsoft Windows automatically executes code specified in shortcut (LNK and PIF) files. Microsoft Silverlight and Microsoft .NET Framework are prone to a remote code-execution vulnerability. Successful exploits will allow the attacker to execute arbitrary code within the context of the application. Failed exploit attempts will likely result in a denial-of-service condition. Mac OS X is an operating system used on Mac machines, based on the BSD system. ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: Microsoft Windows Shell Shortcut Parsing Vulnerability SECUNIA ADVISORY ID: SA40647 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40647/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40647 RELEASE DATE: 2010-07-17 DISCUSS ADVISORY: http://secunia.com/advisories/40647/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40647/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40647 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Windows, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an error in Windows Shell when parsing shortcuts (.lnk) as certain parameters are not properly validated when attempting to load the icon. This can be exploited to automatically execute a program via a specially crafted shortcut. Successful exploitation requires that a user is e.g. tricked into inserting a removable media (when AutoPlay is enabled) or browse to the root folder of the removable media (when AutoPlay is disabled) using Windows Explorer or a similar file manager. Exploitation may also be possible via network shares and WebDAV shares. NOTE: This is currently being actively exploited in the wild via infected USB drives. SOLUTION: The vendor recommends disabling the displaying of icons for shortcuts (please see the Microsoft security advisory for details). PROVIDED AND/OR DISCOVERED BY: Reported as a 0-day. ORIGINAL ADVISORY: Microsoft: http://www.microsoft.com/technet/security/advisory/2286198.mspx OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . I. Microsoft has released updates to address the vulnerabilities. One of the bulletins released, MS10-046, addresses a previously identified vulnerability in the Windows Shell that is actively being exploited. This vulnerability was also described in US-CERT Vulnerability Note VU#940193. II. III. Solution Apply updates Microsoft has provided updates for these vulnerabilities in the Microsoft Security Bulletin Summary for August 2010. The security bulletin describes any known issues related to the updates. Administrators are encouraged to note these issues and test for any potentially adverse effects. Administrators should consider using an automated update distribution system such as Windows Server Update Services (WSUS). IV. References * Microsoft Security Bulletin Summary for August 2010 - <http://www.microsoft.com/technet/security/bulletin/ms10-aug.mspx> * Microsoft Security Bulletin MS10-046 - <http://www.microsoft.com/technet/security/bulletin/MS10-046.mspx> * US-CERT Vulnerability Note VU#940193 - <http://www.kb.cert.org/vuls/id/940193> * Microsoft Windows Server Update Services - <http://technet.microsoft.com/en-us/wsus/default.aspx> ____________________________________________________________________ The most recent version of this document can be found at: <http://www.us-cert.gov/cas/techalerts/TA10-222A.html> ____________________________________________________________________ Feedback can be directed to US-CERT Technical Staff. Please send email to <cert@cert.org> with "TA10-222A Feedback VU#505527" in the subject. ____________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>. ____________________________________________________________________ Produced 2010 by US-CERT, a government organization. Terms of use: <http://www.us-cert.gov/legal.html> ____________________________________________________________________ Revision History August 10, 2010: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iQEVAwUBTGGh8j6pPKYJORa3AQKsFggAsrzo1PtpJq5GtMwN1fOuAXXPVmbka/U9 5pskj1MKlXDjWzxC47AAaG4fu7EQ/6flgDhzEifg89Xjmh74abZcwhPxbKHM5Y6+ vgrCmSwINZ0wKiWVmpi3mhIQ4rrjd9N2Db82xtHSv4VRDqpZ3HQreNgV06YsnvAP 6up4qCfL2qKzV7tr2/sCEmbMsjhjc7UK1BNGu1YWNxmHL/ypPF5Mjy7w0FFuOAE8 at64g4/unlRWEi42L+yq/54k41wi3X7s8XecpWgHlgtX9I6kyHKu7QijFB7kOiUd ILCTNCoF5xYIJ4Pdwgsj73rtmHotoRR1uLCLLr1Aisgxluqm61CJpQ== =TqKf -----END PGP SIGNATURE----- . 1) An error in the way Silverlight handles pointers can be exploited to corrupt memory by tricking a user into visiting a web site containing specially crafted Silverlight content. SOLUTION: Apply patches. 2) The vendor credits Eamon Nerbonne

Trust: 2.97

sources: NVD: CVE-2010-1898 // CERT/CC: VU#940193 // JVNDB: JVNDB-2010-001913 // BID: 42295 // VULHUB: VHN-44503 // PACKETSTORM: 91929 // PACKETSTORM: 92657 // PACKETSTORM: 92586

AFFECTED PRODUCTS

vendor:microsoftmodel:.net frameworkscope:eqversion:2.0

Trust: 2.1

vendor:microsoftmodel:silverlightscope:eqversion:3.0.40818.0

Trust: 1.6

vendor:microsoftmodel:silverlightscope:eqversion:3.0.40624.00

Trust: 1.6

vendor:microsoftmodel:silverlightscope:eqversion:2.0.40115.00

Trust: 1.6

vendor:microsoftmodel:silverlightscope:eqversion:3.0.40723.0

Trust: 1.6

vendor:microsoftmodel:silverlightscope:eqversion:2.0.31005.00

Trust: 1.6

vendor:microsoftmodel:.net frameworkscope:eqversion:3.5.1

Trust: 1.3

vendor:microsoftmodel:.net frameworkscope:eqversion:3.5

Trust: 1.3

vendor:microsoftmodel:silverlightscope:lteversion:3.0.50106.0

Trust: 1.0

vendor:microsoftmodel:silverlightscope:lteversion:3.0.40818.0

Trust: 1.0

vendor:microsoftmodel: - scope: - version: -

Trust: 0.8

vendor:microsoftmodel:silverlightscope:eqversion:2

Trust: 0.8

vendor:microsoftmodel:silverlightscope:eqversion:3

Trust: 0.8

vendor:microsoftmodel:silverlightscope:eqversion:3.0.50106.0

Trust: 0.6

vendor:microsoftmodel:silverlightscope:eqversion:3.0

Trust: 0.3

vendor:microsoftmodel:silverlightscope:eqversion:2.0

Trust: 0.3

vendor:microsoftmodel:.net framework sp1scope:eqversion:3.5

Trust: 0.3

vendor:microsoftmodel:.net framework sp2scope:eqversion:2.0

Trust: 0.3

vendor:microsoftmodel:.net framework sp1scope:eqversion:2.0

Trust: 0.3

sources: CERT/CC: VU#940193 // BID: 42295 // JVNDB: JVNDB-2010-001913 // CNNVD: CNNVD-201008-105 // NVD: CVE-2010-1898

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2010-1898
value: HIGH

Trust: 1.0

CARNEGIE MELLON: VU#940193
value: 72.90

Trust: 0.8

NVD: CVE-2010-1898
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201008-105
value: CRITICAL

Trust: 0.6

VULHUB: VHN-44503
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2010-1898
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-44503
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#940193 // VULHUB: VHN-44503 // JVNDB: JVNDB-2010-001913 // CNNVD: CNNVD-201008-105 // NVD: CVE-2010-1898

PROBLEMTYPE DATA

problemtype:CWE-94

Trust: 1.9

sources: VULHUB: VHN-44503 // JVNDB: JVNDB-2010-001913 // NVD: CVE-2010-1898

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201008-105

TYPE

code injection

Trust: 0.6

sources: CNNVD: CNNVD-201008-105

CONFIGURATIONS

sources: JVNDB: JVNDB-2010-001913

PATCH

title:MS10-060url:http://www.microsoft.com/technet/security/bulletin/MS10-060.mspx

Trust: 0.8

title:MS10-060url:http://www.microsoft.com/japan/technet/security/bulletin/ms10-060.mspx

Trust: 0.8

title:MS10-060eurl:http://www.microsoft.com/japan/security/bulletins/MS10-060e.mspx

Trust: 0.8

title:TA10-222Aurl:http://software.fujitsu.com/jp/security/vulnerabilities/ta10-222a.html

Trust: 0.8

title:Security Update for Microsoft .NET Framework 3.5 on Windows Server 2003 and Windows XPurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39800

Trust: 0.6

title:Security Update for Microsoft .NET Framework 3.5 on Windows Server 2003 and Windows XPurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39804

Trust: 0.6

title:Security Update for Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 2.0 Service Pack 2 on Windows Server 2003 and Windows XPurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39808

Trust: 0.6

title:Security Update for Microsoft .NET Framework 3.5 on Windows Server 2003 and Windows XPurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39812

Trust: 0.6

title:Security Update for Microsoft .NET Framework 3.5 on Windows Server 2003 and Windows XPurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39816

Trust: 0.6

title:Security Update for Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 2.0 Service Pack 2 on Windows Server 2003 and Windows XPurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39820

Trust: 0.6

title:Security Update for Microsoft .NET Framework 3.5, Windows Vista Service Pack 1 and Windows Server 2008url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39824

Trust: 0.6

title:Security Update for Microsoft .NET Framework 3.5 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39828

Trust: 0.6

title:Security Update for Microsoft .NET Framework 3.5, Windows Vista Service Pack 1 and Windows Server 2008url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39832

Trust: 0.6

title:Security Update for Microsoft .NET Framework 3.5 Service Pack 1 on Windows Vista Service Pack 1 and Windows Server 2008url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39836

Trust: 0.6

title:Security Update for Microsoft .NET Framework 3.5, Windows Vista Service Pack 1 and Windows Server 2008url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39840

Trust: 0.6

title:Security Update for Microsoft .NET Framework 3.5 on Windows Server 2003 and Windows XPurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39792

Trust: 0.6

title:Security Update for Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 2.0 Service Pack 2 on Windows Server 2003 and Windows XPurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39796

Trust: 0.6

title:Security Update for Microsoft .NET Framework 3.5 Service Pack 1 on Windows Vista Service Pack 1 and Windows Server 2008url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39845

Trust: 0.6

title:Security Update for Microsoft .NET Framework 3.5, Windows Vista Service Pack 1 and Windows Server 2008url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39849

Trust: 0.6

title:Security Update for Microsoft .NET Framework 3.5 Service Pack 1 on Windows Vista Service Pack 1 and Windows Server 2008url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39853

Trust: 0.6

title:Security Update for Microsoft .NET Framework 3.5 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39857

Trust: 0.6

title:Security Update for Microsoft .NET Framework 3.5 Service Pack 1 on Windows Vista Service Pack 1 and Windows Server 2008url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39861

Trust: 0.6

title:Security Update for Microsoft .NET Framework 3.5 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39865

Trust: 0.6

title:Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39869

Trust: 0.6

title:Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39873

Trust: 0.6

title:Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39877

Trust: 0.6

title:Security Update for Microsoft .NET Framework 3.5 on Windows Server 2003 and Windows XPurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39799

Trust: 0.6

title:Security Update for Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 2.0 Service Pack 2 on Windows Server 2003 and Windows XPurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39803

Trust: 0.6

title:Security Update for Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 2.0 Service Pack 2 on Windows Server 2003 and Windows XPurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39807

Trust: 0.6

title:Security Update for Microsoft .NET Framework 3.5 on Windows Server 2003 and Windows XPurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39811

Trust: 0.6

title:Security Update for Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 2.0 Service Pack 2 on Windows Server 2003 and Windows XPurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39815

Trust: 0.6

title:Security Update for Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 2.0 Service Pack 2 on Windows Server 2003 and Windows XPurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39819

Trust: 0.6

title:Security Update for Microsoft .NET Framework 3.5, Windows Vista Service Pack 1 and Windows Server 2008url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39823

Trust: 0.6

title:Security Update for Microsoft .NET Framework 3.5 Service Pack 1 on Windows Vista Service Pack 1 and Windows Server 2008url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39827

Trust: 0.6

title:Security Update for Microsoft .NET Framework 3.5, Windows Vista Service Pack 1 and Windows Server 2008url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39831

Trust: 0.6

title:Security Update for Microsoft .NET Framework 3.5 Service Pack 1 on Windows Vista Service Pack 1 and Windows Server 2008url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39835

Trust: 0.6

title:Security Update for Microsoft .NET Framework 3.5 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39839

Trust: 0.6

title:Security Update for Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 2.0 Service Pack 2 on Windows Server 2003 and Windows XPurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39795

Trust: 0.6

title:Security Update for Microsoft .NET Framework 3.5 Service Pack 1 on Windows Vista Service Pack 1 and Windows Server 2008url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39844

Trust: 0.6

title:Security Update for Microsoft .NET Framework 3.5 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39848

Trust: 0.6

title:Security Update for Microsoft .NET Framework 3.5 Service Pack 1 on Windows Vista Service Pack 1 and Windows Server 2008url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39852

Trust: 0.6

title:Security Update for Microsoft .NET Framework 3.5 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39856

Trust: 0.6

title:Security Update for Microsoft .NET Framework 3.5, Windows Vista Service Pack 1 and Windows Server 2008url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39860

Trust: 0.6

title:Security Update for Microsoft .NET Framework 3.5 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39864

Trust: 0.6

title:Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39868

Trust: 0.6

title:Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39872

Trust: 0.6

title:Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39876

Trust: 0.6

title:Security Update for Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 2.0 Service Pack 2 on Windows Server 2003 and Windows XPurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39802

Trust: 0.6

title:Security Update for Microsoft .NET Framework 3.5 on Windows Server 2003 and Windows XPurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39806

Trust: 0.6

title:Security Update for Microsoft .NET Framework 3.5 on Windows Server 2003 and Windows XPurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39810

Trust: 0.6

title:Security Update for Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 2.0 Service Pack 2 on Windows Server 2003 and Windows XPurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39814

Trust: 0.6

title:Security Update for Microsoft .NET Framework 3.5 on Windows Server 2003 and Windows XPurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39818

Trust: 0.6

title:Security Update for Microsoft .NET Framework 3.5, Windows Vista Service Pack 1 and Windows Server 2008url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39822

Trust: 0.6

title:Security Update for Microsoft .NET Framework 3.5 Service Pack 1 on Windows Vista Service Pack 1 and Windows Server 2008url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39826

Trust: 0.6

title:Security Update for Microsoft .NET Framework 3.5 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39830

Trust: 0.6

title:Security Update for Microsoft .NET Framework 3.5 Service Pack 1 on Windows Vista Service Pack 1 and Windows Server 2008url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39834

Trust: 0.6

title:Security Update for Microsoft .NET Framework 3.5 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39838

Trust: 0.6

title:Security Update for Microsoft .NET Framework 3.5, Windows Vista Service Pack 1 and Windows Server 2008url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39842

Trust: 0.6

title:Security Update for Microsoft .NET Framework 3.5 on Windows Server 2003 and Windows XPurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39794

Trust: 0.6

title:Security Update for Microsoft .NET Framework 3.5 on Windows Server 2003 and Windows XPurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39798

Trust: 0.6

title:Security Update for Microsoft .NET Framework 3.5 Service Pack 1 on Windows Vista Service Pack 1 and Windows Server 2008url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39843

Trust: 0.6

title:Security Update for Microsoft .NET Framework 3.5 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39847

Trust: 0.6

title:Security Update for Microsoft .NET Framework 3.5, Windows Vista Service Pack 1 and Windows Server 2008url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39851

Trust: 0.6

title:Security Update for Microsoft .NET Framework 3.5 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39855

Trust: 0.6

title:Security Update for Microsoft .NET Framework 3.5 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39846

Trust: 0.6

title:Security Update for Microsoft .NET Framework 3.5, Windows Vista Service Pack 1 and Windows Server 2008url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39850

Trust: 0.6

title:Security Update for Microsoft .NET Framework 3.5 Service Pack 1 on Windows Vista Service Pack 1 and Windows Server 2008url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39854

Trust: 0.6

title:Security Update for Microsoft .NET Framework 3.5, Windows Vista Service Pack 1 and Windows Server 2008url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39858

Trust: 0.6

title:Security Update for Microsoft .NET Framework 3.5 Service Pack 1 on Windows Vista Service Pack 1 and Windows Server 2008url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39862

Trust: 0.6

title:Security Update for Microsoft .NET Framework 3.5 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39866

Trust: 0.6

title:Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39870

Trust: 0.6

title:Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39874

Trust: 0.6

title:Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39878

Trust: 0.6

title:Security Update for Microsoft .NET Framework 3.5 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39829

Trust: 0.6

title:Security Update for Microsoft .NET Framework 3.5, Windows Vista Service Pack 1 and Windows Server 2008url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39833

Trust: 0.6

title:Security Update for Microsoft .NET Framework 3.5 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39837

Trust: 0.6

title:Security Update for Microsoft .NET Framework 3.5, Windows Vista Service Pack 1 and Windows Server 2008url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39841

Trust: 0.6

title:Security Update for Microsoft .NET Framework 3.5 on Windows Server 2003 and Windows XPurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39793

Trust: 0.6

title:Security Update for Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 2.0 Service Pack 2 on Windows Server 2003 and Windows XPurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39797

Trust: 0.6

title:Security Update for Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 2.0 Service Pack 2 on Windows Server 2003 and Windows XPurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39801

Trust: 0.6

title:Security Update for Microsoft .NET Framework 3.5 on Windows Server 2003 and Windows XPurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39805

Trust: 0.6

title:Security Update for Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 2.0 Service Pack 2 on Windows Server 2003 and Windows XPurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39809

Trust: 0.6

title:Security Update for Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 2.0 Service Pack 2 on Windows Server 2003 and Windows XPurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39813

Trust: 0.6

title:Security Update for Microsoft .NET Framework 3.5 on Windows Server 2003 and Windows XPurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39817

Trust: 0.6

title:Security Update for Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 2.0 Service Pack 2 on Windows Server 2003 and Windows XPurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39821

Trust: 0.6

title:Security Update for Microsoft .NET Framework 3.5 Service Pack 1 on Windows Vista Service Pack 1 and Windows Server 2008url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39825

Trust: 0.6

title:Security Update for Microsoft Silverlight (KB978464)url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39891

Trust: 0.6

title:Security Update for Microsoft Silverlight (KB978464)url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39883

Trust: 0.6

title:Security Update for Microsoft Silverlight (KB978464)url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39887

Trust: 0.6

title:Security Update for Microsoft Silverlight (KB978464)url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39882

Trust: 0.6

title:Security Update for Microsoft Silverlight (KB978464)url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39886

Trust: 0.6

title:Security Update for Microsoft Silverlight (KB978464)url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39890

Trust: 0.6

title:Security Update for Microsoft Silverlight (KB978464)url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39893

Trust: 0.6

title:Security Update for Microsoft Silverlight (KB978464)url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39885

Trust: 0.6

title:Security Update for Microsoft Silverlight (KB978464)url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39889

Trust: 0.6

title:Security Update for Microsoft Silverlight (KB978464)url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39892

Trust: 0.6

title:Security Update for Microsoft Silverlight (KB978464)url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39884

Trust: 0.6

title:Security Update for Microsoft Silverlight (KB978464)url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39888

Trust: 0.6

title:Silverlight 4 (4.0.50524.0)url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39879

Trust: 0.6

title:Silverlight 4 (4.0.50524.0)url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39881

Trust: 0.6

title:Silverlight 4 (4.0.50524.0)url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39880

Trust: 0.6

title:Security Update for Microsoft .NET Framework 3.5, Windows Vista Service Pack 1 and Windows Server 2008url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39859

Trust: 0.6

title:Security Update for Microsoft .NET Framework 3.5 Service Pack 1 on Windows Vista Service Pack 1 and Windows Server 2008url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39863

Trust: 0.6

title:Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39867

Trust: 0.6

title:Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39871

Trust: 0.6

title:Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39875

Trust: 0.6

sources: JVNDB: JVNDB-2010-001913 // CNNVD: CNNVD-201008-105

EXTERNAL IDS

db:NVDid:CVE-2010-1898

Trust: 2.8

db:USCERTid:TA10-222A

Trust: 2.0

db:BIDid:42295

Trust: 1.2

db:NSFOCUSid:15600

Trust: 1.2

db:SECUNIAid:40647

Trust: 0.9

db:CERT/CCid:VU#940193

Trust: 0.9

db:SECUNIAid:40872

Trust: 0.9

db:BIDid:41732

Trust: 0.8

db:USCERTid:SA10-222A

Trust: 0.8

db:VUPENid:ADV-2010-2057

Trust: 0.8

db:JVNDBid:JVNDB-2010-001913

Trust: 0.8

db:CNNVDid:CNNVD-201008-105

Trust: 0.7

db:MSid:MS10-060

Trust: 0.6

db:VULHUBid:VHN-44503

Trust: 0.1

db:PACKETSTORMid:91929

Trust: 0.1

db:PACKETSTORMid:92657

Trust: 0.1

db:PACKETSTORMid:92586

Trust: 0.1

sources: CERT/CC: VU#940193 // VULHUB: VHN-44503 // BID: 42295 // JVNDB: JVNDB-2010-001913 // PACKETSTORM: 91929 // PACKETSTORM: 92657 // PACKETSTORM: 92586 // CNNVD: CNNVD-201008-105 // NVD: CVE-2010-1898

REFERENCES

url:http://www.us-cert.gov/cas/techalerts/ta10-222a.html

Trust: 1.9

url:http://www.microsoft.com/technet/security/advisory/2286198.mspx

Trust: 1.7

url:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-060

Trust: 1.1

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a12033

Trust: 1.1

url:http://www.microsoft.com/technet/security/bulletin/ms10-060.mspx

Trust: 1.0

url:http://secunia.com/advisories/40647/

Trust: 0.9

url:http://www.microsoft.com/technet/security/bulletin/ms10-046.mspx

Trust: 0.8

url:http://support.microsoft.com/kb/2286198

Trust: 0.8

url:http://isc.sans.edu/diary.html?storyid=9190

Trust: 0.8

url:http://www.securityfocus.com/bid/41732

Trust: 0.8

url:http://support.microsoft.com/kb/967715

Trust: 0.8

url:http://www.anti-virus.by/en/tempo.shtml

Trust: 0.8

url:http://krebsonsecurity.com/2010/07/experts-warn-of-new-windows-shortcut-flaw/

Trust: 0.8

url:http://www.f-secure.com/weblog/archives/new_rootkit_en.pdf

Trust: 0.8

url:http://www.f-secure.com/weblog/archives/00001986.html

Trust: 0.8

url:http://www.f-secure.com/weblog/archives/00001987.html

Trust: 0.8

url:http://support.automation.siemens.com/ww/view/en/43876783

Trust: 0.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1898

Trust: 0.8

url:http://www.jpcert.or.jp/at/2010/at100020.txt

Trust: 0.8

url:http://jvn.jp/cert/jvnta10-222a

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-1898

Trust: 0.8

url:http://secunia.com/advisories/40872

Trust: 0.8

url:http://www.securityfocus.com/bid/42295

Trust: 0.8

url:http://www.us-cert.gov/cas/alerts/sa10-222a.html

Trust: 0.8

url:http://www.vupen.com/english/advisories/2010/2057

Trust: 0.8

url:http://www.npa.go.jp/cyberpolice/#topics

Trust: 0.8

url:http://www.nipc.org.cn/showvul.aspx?id=nipc-2010-2992

Trust: 0.6

url:http://www.nsfocus.net/vulndb/15600

Trust: 0.6

url:http://www.microsoft.com

Trust: 0.3

url:http://secunia.com/products/corporate/evm/

Trust: 0.2

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.2

url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

Trust: 0.2

url:http://secunia.com/vulnerability_scanning/personal/

Trust: 0.2

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.2

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.2

url:http://secunia.com/advisories/40647/#comments

Trust: 0.1

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=40647

Trust: 0.1

url:http://secunia.com/gfx/pdf/secunia_half_year_report_2010.pdf

Trust: 0.1

url:http://www.microsoft.com/technet/security/bulletin/ms10-046.mspx>

Trust: 0.1

url:http://www.us-cert.gov/cas/techalerts/ta10-222a.html>

Trust: 0.1

url:http://www.us-cert.gov/legal.html>

Trust: 0.1

url:http://www.kb.cert.org/vuls/id/940193>

Trust: 0.1

url:http://www.us-cert.gov/cas/signup.html>.

Trust: 0.1

url:http://www.microsoft.com/technet/security/bulletin/ms10-aug.mspx>

Trust: 0.1

url:http://technet.microsoft.com/en-us/wsus/default.aspx>

Trust: 0.1

url:http://twitter.com/secunia

Trust: 0.1

url:http://secunia.com/advisories/40872/#comments

Trust: 0.1

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=40872

Trust: 0.1

url:http://secunia.com/advisories/40872/

Trust: 0.1

sources: CERT/CC: VU#940193 // VULHUB: VHN-44503 // BID: 42295 // JVNDB: JVNDB-2010-001913 // PACKETSTORM: 91929 // PACKETSTORM: 92657 // PACKETSTORM: 92586 // CNNVD: CNNVD-201008-105 // NVD: CVE-2010-1898

CREDITS

Eamon Nerbonne

Trust: 0.3

sources: BID: 42295

SOURCES

db:CERT/CCid:VU#940193
db:VULHUBid:VHN-44503
db:BIDid:42295
db:JVNDBid:JVNDB-2010-001913
db:PACKETSTORMid:91929
db:PACKETSTORMid:92657
db:PACKETSTORMid:92586
db:CNNVDid:CNNVD-201008-105
db:NVDid:CVE-2010-1898

LAST UPDATE DATE

2024-08-14T12:26:49.974000+00:00


SOURCES UPDATE DATE

db:CERT/CCid:VU#940193date:2010-09-09T00:00:00
db:VULHUBid:VHN-44503date:2018-10-12T00:00:00
db:BIDid:42295date:2010-09-29T21:10:00
db:JVNDBid:JVNDB-2010-001913date:2010-09-01T00:00:00
db:CNNVDid:CNNVD-201008-105date:2021-07-13T00:00:00
db:NVDid:CVE-2010-1898date:2018-10-12T21:57:47.077

SOURCES RELEASE DATE

db:CERT/CCid:VU#940193date:2010-07-15T00:00:00
db:VULHUBid:VHN-44503date:2010-08-11T00:00:00
db:BIDid:42295date:2010-08-10T00:00:00
db:JVNDBid:JVNDB-2010-001913date:2010-09-01T00:00:00
db:PACKETSTORMid:91929date:2010-07-18T11:49:03
db:PACKETSTORMid:92657date:2010-08-12T06:55:56
db:PACKETSTORMid:92586date:2010-08-10T09:26:56
db:CNNVDid:CNNVD-201008-105date:2010-08-16T00:00:00
db:NVDid:CVE-2010-1898date:2010-08-11T18:47:50.250