CVE-2010-0811 - Code Injection vulnerability in Microsoft products

CVSS: 0.0 - NONE
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN

Summary

Multiple unspecified vulnerabilities in the Microsoft Internet Explorer 8 Developer Tools ActiveX control in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow remote attackers to execute arbitrary code via unknown vectors that "corrupt the system state," aka "Microsoft Internet Explorer 8 Developer Tools Vulnerability."

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Leverage Executable Code in Non-Executable Files
    An attack of this type exploits a system's trust in configuration and resource files. When the executable loads a resource (such as an image file or configuration file) that the attacker has modified, the file either executes malicious code directly or manipulates the target process (e.g. an application server) into executing based on the malicious configuration parameters. Because systems are increasingly interrelated, mashing up resources from local and remote sources, the possibility of this attack occurring is high. The attack can be directed at a client system, such as causing a buffer overrun through loading seemingly benign image files, as in Microsoft Security Bulletin MS04-028, where specially crafted JPEG files could cause a buffer overrun once loaded into the browser. Another example targets clients reading PDF files. In this case the attacker simply appends JavaScript to the end of a legitimate URL for a PDF (http://www.gnucitizen.org/blog/danger-danger-danger/): http://path/to/pdf/file.pdf#whatever_name_you_want=javascript:your_code_here The client assumes that they are reading a PDF, but the attacker has modified the resource and loaded executable JavaScript into the client's browser process. The attack can also target server processes. The attacker edits a resource or configuration file, for example a web.xml file used to configure security permissions for a J2EE app server; adding the role name "public" grants all users with the public role the ability to use the administration functionality. The server trusts its configuration files to be correct, but when they are manipulated, the attacker gains full control.
  • Manipulating User-Controlled Variables
    This attack targets user-controlled variables (DEBUG=1, PHP globals, and so forth). An attacker can override environment variables by leveraging user-supplied, untrusted query variables that are used directly on the application server without any data sanitization. In extreme cases, the attacker can change variables controlling the business logic of the application. For instance, in languages like PHP, a number of poorly set default configurations may allow the user to override variables.

Msbulletin

  • bulletin_id: MS10-034
    bulletin_url:
    date: 2010-06-08T00:00:00
    impact: Remote Code Execution
    knowledgebase_id: 980195
    knowledgebase_url:
    severity: Critical
    title: Cumulative Security Update of ActiveX Kill Bits
  • bulletin_id: MS11-027
    bulletin_url:
    date: 2011-04-12T00:00:00
    impact: Remote Code Execution
    knowledgebase_id: 2508272
    knowledgebase_url:
    severity: Critical
    title: Cumulative Security Update of ActiveX Kill Bits

Nessus

  • NASL family: Windows : Microsoft Bulletins
    NASL id: SMB_NT_MS10-034.NASL
    description: The Microsoft Data Analyzer ActiveX control has a remote code execution vulnerability. The system may also have one or more vulnerable third-party ActiveX controls installed. A remote attacker could exploit these issues by tricking a user into requesting a maliciously crafted web page, resulting in arbitrary code execution.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 46841
    published: 2010-06-09
    reporter: This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/46841
    title: MS10-034: Cumulative Security Update of ActiveX Kill Bits (980195)
  • NASL family: Windows : Microsoft Bulletins
    NASL id: SMB_NT_MS11-027.NASL
    description: The remote Windows host has one or more ActiveX controls installed that could be abused to execute arbitrary code remotely if a user can be tricked into viewing a malicious web page using Internet Explorer. Three of these controls are from Microsoft itself while the others are from third-party vendors that have asked Microsoft to prevent their controls from being run in Internet Explorer.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 53384
    published: 2011-04-13
    reporter: This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/53384
    title: MS11-027: Cumulative Security Update of ActiveX Kill Bits (2508272)

Oval

  • accepted: 2014-05-05T04:00:12.162-04:00
    class: vulnerability
    contributors:
    • name: Josh Turpin
      organization: Symantec Corporation
    • name: Josh Turpin
      organization: Symantec Corporation
    • name: Chandan S
      organization: SecPod Technologies
    • name: Dragos Prisaca
      organization: Symantec Corporation
    • name: Maria Mikhno
      organization: ALTX-SOFT
    definition_extensions:
    • comment: Microsoft Windows XP (x86) SP2 is installed
      oval: oval:org.mitre.oval:def:754
    • comment: Microsoft Windows XP (x86) SP3 is installed
      oval: oval:org.mitre.oval:def:5631
    • comment: Microsoft Windows XP x64 Edition SP2 is installed
      oval: oval:org.mitre.oval:def:4193
    • comment: Microsoft Windows Server 2003 SP2 (x64) is installed
      oval: oval:org.mitre.oval:def:2161
    • comment: Microsoft Windows Server 2003 SP2 (x86) is installed
      oval: oval:org.mitre.oval:def:1935
    • comment: Microsoft Windows Server 2003 (ia64) SP2 is installed
      oval: oval:org.mitre.oval:def:1442
    • comment: Microsoft Windows Vista (32-bit) Service Pack 1 is installed
      oval: oval:org.mitre.oval:def:4873
    • comment: Microsoft Windows Vista x64 Edition Service Pack 1 is installed
      oval: oval:org.mitre.oval:def:5254
    • comment: Microsoft Windows Server 2008 (32-bit) is installed
      oval: oval:org.mitre.oval:def:4870
    • comment: Microsoft Windows Server 2008 (64-bit) is installed
      oval: oval:org.mitre.oval:def:5356
    • comment: Microsoft Windows Server 2008 (ia-64) is installed
      oval: oval:org.mitre.oval:def:5667
    • comment: Microsoft Windows Vista (32-bit) is installed
      oval: oval:org.mitre.oval:def:1282
    • comment: Microsoft Windows Vista x64 Edition is installed
      oval: oval:org.mitre.oval:def:2041
    • comment: Microsoft Windows Vista (32-bit) Service Pack 2 is installed
      oval: oval:org.mitre.oval:def:6124
    • comment: Microsoft Windows Vista x64 Edition Service Pack 2 is installed
      oval: oval:org.mitre.oval:def:5594
    • comment: Microsoft Windows Server 2008 (32-bit) Service Pack 2 is installed
      oval: oval:org.mitre.oval:def:5653
    • comment: Microsoft Windows Server 2008 x64 Edition Service Pack 2 is installed
      oval: oval:org.mitre.oval:def:6216
    • comment: Microsoft Windows Server 2008 Itanium-Based Edition Service Pack 2 is installed
      oval: oval:org.mitre.oval:def:6150
    • comment: Microsoft Windows 7 (32-bit) is installed
      oval: oval:org.mitre.oval:def:6165
    • comment: Microsoft Windows 7 x64 Edition is installed
      oval: oval:org.mitre.oval:def:5950
    • comment: Microsoft Windows 7 (32-bit) Service Pack 1 is installed
      oval: oval:org.mitre.oval:def:12292
    • comment: Microsoft Windows 7 x64 Service Pack 1 is installed
      oval: oval:org.mitre.oval:def:12627
    • comment: Microsoft Windows Server 2008 R2 x64 Edition is installed
      oval: oval:org.mitre.oval:def:6438
    • comment: Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed
      oval: oval:org.mitre.oval:def:5954
    • comment: Microsoft Windows Server 2008 R2 x64 Service Pack 1 is installed
      oval: oval:org.mitre.oval:def:12567
    • comment: Microsoft Windows Server 2008 R2 Itanium-Based Edition Service Pack 1 is installed
      oval: oval:org.mitre.oval:def:12583
    description: Multiple unspecified vulnerabilities in the Microsoft Internet Explorer 8 Developer Tools ActiveX control in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow remote attackers to execute arbitrary code via unknown vectors that "corrupt the system state," aka "Microsoft Internet Explorer 8 Developer Tools Vulnerability."
    family: windows
    id: oval:org.mitre.oval:def:12534
    status: accepted
    submitted: 2010-02-08T13:00:00
    title: Microsoft Internet Explorer 8 Developer Tools Vulnerability
    version: 31
  • accepted: 2010-07-19T04:00:48.737-04:00
    class: vulnerability
    contributors:
    • name: Josh Turpin
      organization: Symantec Corporation
    • name: Josh Turpin
      organization: Symantec Corporation
    • name: Chandan S
      organization: SecPod Technologies
    • name: Dragos Prisaca
      organization: Symantec Corporation
    • name: Maria Mikhno
      organization: ALTX-SOFT
    definition_extensions:
    • comment: Microsoft Windows XP (x86) SP2 is installed
      oval: oval:org.mitre.oval:def:754
    • comment: Microsoft Windows XP (x86) SP3 is installed
      oval: oval:org.mitre.oval:def:5631
    • comment: Microsoft Windows XP x64 Edition SP2 is installed
      oval: oval:org.mitre.oval:def:4193
    • comment: Microsoft Windows Server 2003 SP2 (x64) is installed
      oval: oval:org.mitre.oval:def:2161
    • comment: Microsoft Windows Server 2003 SP2 (x86) is installed
      oval: oval:org.mitre.oval:def:1935
    • comment: Microsoft Windows Vista (32-bit) is installed
      oval: oval:org.mitre.oval:def:1282
    • comment: Microsoft Windows Vista x64 Edition is installed
      oval: oval:org.mitre.oval:def:2041
    • comment: Microsoft Windows Vista (32-bit) Service Pack 1 is installed
      oval: oval:org.mitre.oval:def:4873
    • comment: Microsoft Windows Vista x64 Edition Service Pack 1 is installed
      oval: oval:org.mitre.oval:def:5254
    • comment: Microsoft Windows Server 2008 (32-bit) is installed
      oval: oval:org.mitre.oval:def:4870
    • comment: Microsoft Windows Server 2008 (64-bit) is installed
      oval: oval:org.mitre.oval:def:5356
    • comment: Microsoft Windows Vista (32-bit) Service Pack 2 is installed
      oval: oval:org.mitre.oval:def:6124
    • comment: Microsoft Windows Vista x64 Edition Service Pack 2 is installed
      oval: oval:org.mitre.oval:def:5594
    • comment: Microsoft Windows Server 2008 (32-bit) Service Pack 2 is installed
      oval: oval:org.mitre.oval:def:5653
    • comment: Microsoft Windows Server 2008 x64 Edition Service Pack 2 is installed
      oval: oval:org.mitre.oval:def:6216
    • comment: Microsoft Windows 7 (32-bit) is installed
      oval: oval:org.mitre.oval:def:6165
    • comment: Microsoft Windows 7 x64 Edition is installed
      oval: oval:org.mitre.oval:def:5950
    • comment: Microsoft Windows Server 2008 R2 x64 Edition is installed
      oval: oval:org.mitre.oval:def:6438
    • comment: Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed
      oval: oval:org.mitre.oval:def:5954
    description: Multiple unspecified vulnerabilities in the Microsoft Internet Explorer 8 Developer Tools ActiveX control in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow remote attackers to execute arbitrary code via unknown vectors that "corrupt the system state," aka "Microsoft Internet Explorer 8 Developer Tools Vulnerability."
    family: windows
    id: oval:org.mitre.oval:def:7492
    status: deprecated
    submitted: 2010-06-08T13:00:00
    title: DEPRECATED: Microsoft Internet Explorer 8 Developer Tools Vulnerability
    version: 29

Seebug

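bulletinFamily: exploit
description: BUGTRAQ ID: 40490 CVE ID: CVE-2010-0811
  The Internet Explorer Developer Tools ActiveX control (iedvtool.dll) is the debugging tool provided in Internet Explorer 8. A memory corruption vulnerability exists in the Internet Explorer 8 Developer Tools ActiveX control. An attacker can exploit this vulnerability by creating a specially crafted web page; when a user views the page, remote code execution is possible. An attacker who successfully exploits this vulnerability can gain the same user rights as the logged-on user.
  Microsoft Windows XP SP3, Microsoft Windows XP SP2, Microsoft Windows Vista SP2, Microsoft Windows Vista SP1, Microsoft Windows Server 2008 SP2, Microsoft Windows Server 2008 R2, Microsoft Windows Server 2008, Microsoft Windows Server 2003 SP2, Microsoft Windows Server 2003 SP1, Microsoft Windows 7, Microsoft Windows 2000 SP4
  Temporary workarounds:
  * Set the kill bit for CLSID {8fe85d00-4647-40b9-87e4-5eb8a52f4759}.
  * Configure Internet Explorer to prompt before running ActiveX controls and Active Scripting in the Internet and Local intranet security zones.
  * Set the Internet and Local intranet security zone settings to "High" so that Internet Explorer prompts before running ActiveX controls and Active Scripting in these zones.
  Vendor patch: Microsoft has released a security bulletin (MS10-034) and the corresponding patch for this issue:
  MS10-034: Cumulative Security Update of ActiveX Kill Bits (980195)
  Link: http://www.microsoft.com/technet/security/bulletin/MS10-034.mspx?pf=true
id: SSV:19771
last seen: 2017-11-19
modified: 2010-06-10
published: 2010-06-10
reporter: Root
title: Microsoft IE Developer Tools ActiveX Control Remote Memory Corruption Vulnerability (MS10-034)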