16 lines
1020 B
Markdown
16 lines
1020 B
Markdown
|
# MS10-012
|
||
|
|
```
|
||
|
|
This security update resolves one publicly disclosed and several privately reported vulnerabilities in Microsoft Windows.
|
||
|
|
The vulnerabilities could allow remote code execution if an attacker sent a specially crafted SMB response to a client-initiated SMB request.
|
||
|
|
To exploit these vulnerabilities, an attacker must convince the user to initiate an SMB connection to a specially crafted SMB server.
|
||
|
|
```
|
||
|
|
|
||
|
|
Vulnerability reference:
|
||
|
|
* [MS10-012](https://technet.microsoft.com/library/security/ms10-012)
|
||
|
|
* [exp-db](https://www.exploit-db.com/exploits/12273/)
|
||
|
|
* [SMB 路径名溢出漏洞 - CVE-2010-0020](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0020)
|
||
|
|
* [SMB 内存损坏漏洞 - CVE-2010-0021](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0021)
|
||
|
|
* [SMB 空指针漏洞 - CVE-2010-0022](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0022)
|
||
|
|
* [SMB NTLM 身份验证缺少平均信息量漏洞 - CVE-2010-0231](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0231)
|
||
|
|
|