CVE-2010-0811 - Code Injection vulnerability in Microsoft products
Attack vector | UNKNOWN |
Attack complexity | UNKNOWN |
Privileges required | UNKNOWN |
Confidentiality impact | UNKNOWN |
Integrity impact | UNKNOWN |
Availability impact | UNKNOWN |
Summary
Multiple unspecified vulnerabilities in the Microsoft Internet Explorer 8 Developer Tools ActiveX control in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow remote attackers to execute arbitrary code via unknown vectors that "corrupt the system state," aka "Microsoft Internet Explorer 8 Developer Tools Vulnerability."
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | | 16 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Leverage Executable Code in Non-Executable Files: An attack of this type exploits a system's trust in configuration and resource files. When the executable loads a resource (such as an image file or configuration file) that the attacker has modified, the file either executes malicious code directly or manipulates the target process (e.g. an application server) into executing based on the malicious configuration parameters. Since systems are increasingly interrelated, mashing up resources from local and remote sources, the possibility of this attack occurring is high. The attack can be directed at a client system, such as causing a buffer overrun through loading seemingly benign image files, as in Microsoft Security Bulletin MS04-028, where specially crafted JPEG files could cause a buffer overrun once loaded into the browser. Another example targets clients reading PDF files. In this case the attacker simply appends JavaScript to the end of a legitimate URL for a PDF, in the form http://path/to/pdf/file.pdf#whatever_name_you_want=javascript:your_code_here (see http://www.gnucitizen.org/blog/danger-danger-danger/). The client assumes that they are reading a PDF, but the attacker has modified the resource and loaded executable JavaScript into the client's browser process. The attack can also target server processes. The attacker edits the resource or configuration file, for example a web.xml file used to configure security permissions for a J2EE app server; adding the role name "public" grants all users with the public role the ability to use the administration functionality. The server trusts its configuration file to be correct, but when it is manipulated, the attacker gains full control.
- Manipulating User-Controlled Variables: This attack targets user-controlled variables (DEBUG=1, PHP globals, and so forth). An attacker can override environment variables by leveraging user-supplied, untrusted query variables that are used directly on the application server without any data sanitization. In extreme cases, the attacker can change variables controlling the business logic of the application. For instance, in languages like PHP, a number of poorly set default configurations may allow the user to override variables.
Msbulletin
bulletin_id | MS10-034 |
bulletin_url | |
date | 2010-06-08T00:00:00 |
impact | Remote Code Execution |
knowledgebase_id | 980195 |
knowledgebase_url | |
severity | Critical |
title | Cumulative Security Update of ActiveX Kill Bits |

bulletin_id | MS11-027 |
bulletin_url | |
date | 2011-04-12T00:00:00 |
impact | Remote Code Execution |
knowledgebase_id | 2508272 |
knowledgebase_url | |
severity | Critical |
title | Cumulative Security Update of ActiveX Kill Bits |
Nessus
NASL family | Windows : Microsoft Bulletins |
NASL id | SMB_NT_MS10-034.NASL |
description | The Microsoft Data Analyzer ActiveX control has a remote code execution vulnerability. The system may also have one or more vulnerable third-party ActiveX controls installed. A remote attacker could exploit these issues by tricking a user into requesting a maliciously crafted web page, resulting in arbitrary code execution. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 46841 |
published | 2010-06-09 |
reporter | This script is Copyright (C) 2010-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/46841 |
title | MS10-034: Cumulative Security Update of ActiveX Kill Bits (980195) |

NASL family | Windows : Microsoft Bulletins |
NASL id | SMB_NT_MS11-027.NASL |
description | The remote Windows host has one or more ActiveX controls installed that could be abused to execute arbitrary code remotely if a user can be tricked into viewing a malicious web page using Internet Explorer. Three of these controls are from Microsoft itself while the others are from third-party vendors that have asked Microsoft to prevent their controls from being run in Internet Explorer. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 53384 |
published | 2011-04-13 |
reporter | This script is Copyright (C) 2011-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/53384 |
title | MS11-027: Cumulative Security Update of ActiveX Kill Bits (2508272) |
Oval
accepted | 2014-05-05T04:00:12.162-04:00 |
class | vulnerability |
contributors | Josh Turpin (Symantec Corporation); Josh Turpin (Symantec Corporation); Chandan S (SecPod Technologies); Dragos Prisaca (Symantec Corporation); Maria Mikhno (ALTX-SOFT) |

definition_extensions

comment | oval |
---|---|
Microsoft Windows XP (x86) SP2 is installed | oval:org.mitre.oval:def:754 |
Microsoft Windows XP (x86) SP3 is installed | oval:org.mitre.oval:def:5631 |
Microsoft Windows XP x64 Edition SP2 is installed | oval:org.mitre.oval:def:4193 |
Microsoft Windows Server 2003 SP2 (x64) is installed | oval:org.mitre.oval:def:2161 |
Microsoft Windows Server 2003 SP2 (x86) is installed | oval:org.mitre.oval:def:1935 |
Microsoft Windows Server 2003 (ia64) SP2 is installed | oval:org.mitre.oval:def:1442 |
Microsoft Windows Vista (32-bit) Service Pack 1 is installed | oval:org.mitre.oval:def:4873 |
Microsoft Windows Vista x64 Edition Service Pack 1 is installed | oval:org.mitre.oval:def:5254 |
Microsoft Windows Server 2008 (32-bit) is installed | oval:org.mitre.oval:def:4870 |
Microsoft Windows Server 2008 (64-bit) is installed | oval:org.mitre.oval:def:5356 |
Microsoft Windows Server 2008 (ia-64) is installed | oval:org.mitre.oval:def:5667 |
Microsoft Windows Vista (32-bit) is installed | oval:org.mitre.oval:def:1282 |
Microsoft Windows Vista x64 Edition is installed | oval:org.mitre.oval:def:2041 |
Microsoft Windows Vista (32-bit) Service Pack 2 is installed | oval:org.mitre.oval:def:6124 |
Microsoft Windows Vista x64 Edition Service Pack 2 is installed | oval:org.mitre.oval:def:5594 |
Microsoft Windows Server 2008 (32-bit) Service Pack 2 is installed | oval:org.mitre.oval:def:5653 |
Microsoft Windows Server 2008 x64 Edition Service Pack 2 is installed | oval:org.mitre.oval:def:6216 |
Microsoft Windows Server 2008 Itanium-Based Edition Service Pack 2 is installed | oval:org.mitre.oval:def:6150 |
Microsoft Windows 7 (32-bit) is installed | oval:org.mitre.oval:def:6165 |
Microsoft Windows 7 x64 Edition is installed | oval:org.mitre.oval:def:5950 |
Microsoft Windows 7 (32-bit) Service Pack 1 is installed | oval:org.mitre.oval:def:12292 |
Microsoft Windows 7 x64 Service Pack 1 is installed | oval:org.mitre.oval:def:12627 |
Microsoft Windows Server 2008 R2 x64 Edition is installed | oval:org.mitre.oval:def:6438 |
Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed | oval:org.mitre.oval:def:5954 |
Microsoft Windows Server 2008 R2 x64 Service Pack 1 is installed | oval:org.mitre.oval:def:12567 |
Microsoft Windows Server 2008 R2 Itanium-Based Edition Service Pack 1 is installed | oval:org.mitre.oval:def:12583 |

description | Multiple unspecified vulnerabilities in the Microsoft Internet Explorer 8 Developer Tools ActiveX control in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow remote attackers to execute arbitrary code via unknown vectors that "corrupt the system state," aka "Microsoft Internet Explorer 8 Developer Tools Vulnerability." |
family | windows |
id | oval:org.mitre.oval:def:12534 |
status | accepted |
submitted | 2010-02-08T13:00:00 |
title | Microsoft Internet Explorer 8 Developer Tools Vulnerability |
version | 31 |

accepted | 2010-07-19T04:00:48.737-04:00 |
class | vulnerability |
contributors | Josh Turpin (Symantec Corporation); Josh Turpin (Symantec Corporation); Chandan S (SecPod Technologies); Dragos Prisaca (Symantec Corporation); Maria Mikhno (ALTX-SOFT) |

definition_extensions

comment | oval |
---|---|
Microsoft Windows XP (x86) SP2 is installed | oval:org.mitre.oval:def:754 |
Microsoft Windows XP (x86) SP3 is installed | oval:org.mitre.oval:def:5631 |
Microsoft Windows XP x64 Edition SP2 is installed | oval:org.mitre.oval:def:4193 |
Microsoft Windows Server 2003 SP2 (x64) is installed | oval:org.mitre.oval:def:2161 |
Microsoft Windows Server 2003 SP2 (x86) is installed | oval:org.mitre.oval:def:1935 |
Microsoft Windows Vista (32-bit) is installed | oval:org.mitre.oval:def:1282 |
Microsoft Windows Vista x64 Edition is installed | oval:org.mitre.oval:def:2041 |
Microsoft Windows Vista (32-bit) Service Pack 1 is installed | oval:org.mitre.oval:def:4873 |
Microsoft Windows Vista x64 Edition Service Pack 1 is installed | oval:org.mitre.oval:def:5254 |
Microsoft Windows Server 2008 (32-bit) is installed | oval:org.mitre.oval:def:4870 |
Microsoft Windows Server 2008 (64-bit) is installed | oval:org.mitre.oval:def:5356 |
Microsoft Windows Vista (32-bit) Service Pack 2 is installed | oval:org.mitre.oval:def:6124 |
Microsoft Windows Vista x64 Edition Service Pack 2 is installed | oval:org.mitre.oval:def:5594 |
Microsoft Windows Server 2008 (32-bit) Service Pack 2 is installed | oval:org.mitre.oval:def:5653 |
Microsoft Windows Server 2008 x64 Edition Service Pack 2 is installed | oval:org.mitre.oval:def:6216 |
Microsoft Windows 7 (32-bit) is installed | oval:org.mitre.oval:def:6165 |
Microsoft Windows 7 x64 Edition is installed | oval:org.mitre.oval:def:5950 |
Microsoft Windows Server 2008 R2 x64 Edition is installed | oval:org.mitre.oval:def:6438 |
Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed | oval:org.mitre.oval:def:5954 |

description | Multiple unspecified vulnerabilities in the Microsoft Internet Explorer 8 Developer Tools ActiveX control in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow remote attackers to execute arbitrary code via unknown vectors that "corrupt the system state," aka "Microsoft Internet Explorer 8 Developer Tools Vulnerability." |
family | windows |
id | oval:org.mitre.oval:def:7492 |
status | deprecated |
submitted | 2010-06-08T13:00:00 |
title | DEPRECATED: Microsoft Internet Explorer 8 Developer Tools Vulnerability |
version | 29 |
Seebug
bulletinFamily | exploit |
description | BUGTRAQ ID: 40490 CVE ID: CVE-2010-0811 The Internet Explorer Developer Tools ActiveX control (iedvtool.dll) is a debugging tool provided with Internet Explorer 8. A memory corruption vulnerability exists in the Internet Explorer 8 Developer Tools ActiveX control. An attacker can exploit this vulnerability by creating a specially crafted web page; when a user views the page, remote code execution is possible. An attacker who successfully exploits this vulnerability can gain the same user rights as the logged-on user. Microsoft Windows XP SP3; Microsoft Windows XP SP2; Microsoft Windows Vista SP2; Microsoft Windows Vista SP1; Microsoft Windows Server 2008 SP2; Microsoft Windows Server 2008 R2; Microsoft Windows Server 2008; Microsoft Windows Server 2003 SP2; Microsoft Windows Server 2003 SP1; Microsoft Windows 7; Microsoft Windows 2000 SP4. Workarounds: * Set the kill bit for CLSID {8fe85d00-4647-40b9-87e4-5eb8a52f4759}. * Configure Internet Explorer to prompt before running ActiveX controls and Active Scripting in the Internet and Local intranet security zones. * Set the Internet and Local intranet security zone settings to "High" to prompt before running ActiveX controls and Active Scripting in these zones. Vendor patch: Microsoft has released a security bulletin (MS10-034) and a corresponding patch for this issue: MS10-034: Cumulative Security Update of ActiveX Kill Bits (980195) Link: http://www.microsoft.com/technet/security/bulletin/MS10-034.mspx?pf=true |
id | SSV:19771 |
last seen | 2017-11-19 |
modified | 2010-06-10 |
published | 2010-06-10 |
reporter | Root |
title | Microsoft IE Developer Tools ActiveX Control Remote Memory Corruption Vulnerability (MS10-034) |
References
- http://www.us-cert.gov/cas/techalerts/TA10-159B.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7492
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12534
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-027
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-034