mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 17:21:36 +00:00
156 lines
5.7 KiB
JSON
156 lines
5.7 KiB
JSON
{
|
|
"id": "CVE-2010-0240",
|
|
"sourceIdentifier": "secure@microsoft.com",
|
|
"published": "2010-02-10T18:30:01.470",
|
|
"lastModified": "2024-11-21T01:11:49.680",
|
|
"vulnStatus": "Modified",
|
|
"cveTags": [],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when a custom network driver is used, does not properly handle local fragmentation of Encapsulating Security Payload (ESP) over UDP packets, which allows remote attackers to execute arbitrary code via crafted packets, aka \"Header MDL Fragmentation Vulnerability.\""
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "La implementaci\u00f3n TCP/IP en Microsoft Windows Vista Gold, SP1, y SP2 y Server 2008 Gold y SP2, cuando se usa un driver de red personalizado, no maneja adecuadamente la fragmentaci\u00f3n local del Encapsulating Security Payload (ESP) sobre los paquetes UDP, lo que permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n. Tambi\u00e9n conocida como \"Vulnerabilidad de Header MDL Fragmentation (fragmentaci\u00f3n de cabecera MDL)\"."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
|
|
"baseScore": 10.0,
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "LOW",
|
|
"authentication": "NONE",
|
|
"confidentialityImpact": "COMPLETE",
|
|
"integrityImpact": "COMPLETE",
|
|
"availabilityImpact": "COMPLETE"
|
|
},
|
|
"baseSeverity": "HIGH",
|
|
"exploitabilityScore": 10.0,
|
|
"impactScore": 10.0,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": true,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": false
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-94"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*",
|
|
"matchCriteriaId": "7F6EA111-A4E6-4963-A0C8-F9336C605B6E"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*",
|
|
"matchCriteriaId": "9CFB1A97-8042-4497-A45D-C014B5E240AB"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*",
|
|
"matchCriteriaId": "7F9C7616-658D-409D-8B53-AC00DC55602A"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x32:*:*:*:*:*",
|
|
"matchCriteriaId": "B8A32637-65EC-42C4-A892-0E599562527C"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x64:*:*:*:*:*",
|
|
"matchCriteriaId": "FFF81F4B-7D92-4398-8658-84530FB8F518"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:gold:itanium:*:*:*:*:*",
|
|
"matchCriteriaId": "5AEA67EA-C788-4CF2-9246-01475302238E"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:itanium:*:*:*:*:*",
|
|
"matchCriteriaId": "7AE15F6C-80F6-43A6-86DA-B92116A697A0"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "3852BB02-47A1-40B3-8E32-8D8891A53114"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:*",
|
|
"matchCriteriaId": "1DD1D5ED-FE7C-4ADF-B3AF-1F13E51B4FB5"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "C162FFF0-1E8F-4DCF-A08F-6C6E324ED878"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*",
|
|
"matchCriteriaId": "0A0D2704-C058-420B-B368-372D1129E914"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "http://www.us-cert.gov/cas/techalerts/TA10-040A.html",
|
|
"source": "secure@microsoft.com",
|
|
"tags": [
|
|
"US Government Resource"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-009",
|
|
"source": "secure@microsoft.com"
|
|
},
|
|
{
|
|
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8400",
|
|
"source": "secure@microsoft.com"
|
|
},
|
|
{
|
|
"url": "http://www.us-cert.gov/cas/techalerts/TA10-040A.html",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"US Government Resource"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-009",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
},
|
|
{
|
|
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8400",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
}
|
|
]
|
|
} |