CVE-2010-0027
🔴 Patch now
Execution of an arbitrary local program via a malicious URL in Internet Explorer and Windows.
CVSS
9.3
EPSS
50.1%
Exploit
none
Vendor
microsoft
Source description (NVD)
The URL validation functionality in Microsoft Internet Explorer 5.01, 6, 6 SP1, 7 and 8, and the ShellExecute API function in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, does not properly process input parameters, which allows remote attackers to execute arbitrary local programs via a crafted URL, aka "URL Validation Vulnerability."
none
No patch
Sources and dates
| Source | Value |
|---|---|
| NVD – CVSS | 9.3 |
| CISA KEV (actively exploited) | No |
| FIRST EPSS (exploit probability) | 50.1% |
| Published (NVD) | 2010-01-22 22:00:00 UTC |
| Last modified (NVD) | 2026-04-29 01:13:23 UTC |
References
- http://www.securityfocus.com/archive/1/509470/100/0/threaded (secure@microsoft.com)
- http://www.us-cert.gov/cas/techalerts/TA10-040A.html (secure@microsoft.com) [US Government Resource]
- http://www.zerodayinitiative.com/advisories/ZDI-10-016/ (secure@microsoft.com)
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-002 (secure@microsoft.com)
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-007 (secure@microsoft.com)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/55773 (secure@microsoft.com)
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8464 (secure@microsoft.com)