Advisories & Alerts

Date Reported: 2010/04/14
Name: MS10-026 - MPEG Layer-3 Audio Decoder Stack Overflow Vulnerability - 2003
Risk: High
CVSS Base Score: 9.3
Description:
A remote code execution vulnerability exists in the way that Microsoft MPEG Layer-3 codecs handle AVI media files.
An attacker who successfully exploited this vulnerability could take complete control of an affected system.
Category: MS HotFix
Affect OS: Windows 2003
Link: http://vdb.dragonsoft.com/detail.php?id=4203


Date Reported: 2010/04/14
Name: MS10-026 - MPEG Layer-3 Audio Decoder Stack Overflow Vulnerability - XP
Risk: High
CVSS Base Score: 9.3
Description:
A remote code execution vulnerability exists in the way that Microsoft MPEG Layer-3 codecs handle AVI media files.
An attacker who successfully exploited this vulnerability could take complete control of an affected system.
Category: MS HotFix
Affect OS: Windows XP
Link: http://vdb.dragonsoft.com/detail.php?id=4202


Date Reported: 2010/04/14
Name: MS10-020 - SMB Client Response Parsing Vulnerability -2003
Risk: High
CVSS Base Score: 10
Description:
An unauthenticated remote code execution vulnerability exists in the way that the Microsoft Server Message Block (SMB)
client implementation parses specially crafted SMB transaction responses. An attacker who successfully exploited this
vulnerability could take complete control of the system.
Category: MS HotFix
Affect OS: Windows 2003
Link: http://vdb.dragonsoft.com/detail.php?id=4178


Date Reported: 2010/04/14
Name: MS10-020 - SMB Client Memory Allocation Vulnerability -2003
Risk: High
CVSS Base Score: 10
Description:
An unauthenticated remote code execution vulnerability exists in the way that the Microsoft Server Message Block (SMB)
client implementation allocates memory when parsing specially crafted SMB responses. An attacker who successfully
exploited this vulnerability could execute arbitrary code and take complete control of an affected system.
Category: MS HotFix
Affect OS: Windows 2003
Link: http://vdb.dragonsoft.com/detail.php?id=4177


Date Reported: 2010/04/14
Name: MS10-020 - SMB Client Memory Allocation Vulnerability -XP
Risk: High
CVSS Base Score: 10
Description:
An unauthenticated remote code execution vulnerability exists in the way that the Microsoft Server Message Block (SMB)
client implementation allocates memory when parsing specially crafted SMB responses. An attacker who successfully
exploited this vulnerability could execute arbitrary code and take complete control of an affected system.
Category: MS HotFix
Affect OS: Windows XP
Link: http://vdb.dragonsoft.com/detail.php?id=4176


Date Reported: 2010/04/14
Name: MS10-020 - SMB Client Memory Allocation Vulnerability -2000
Risk: High
CVSS Base Score: 10
Description:
An unauthenticated remote code execution vulnerability exists in the way that the Microsoft Server Message Block (SMB)
client implementation allocates memory when parsing specially crafted SMB responses. An attacker who successfully
exploited this vulnerability could execute arbitrary code and take complete control of an affected system.
Category: MS HotFix
Affect OS: Windows 2000
Link: http://vdb.dragonsoft.com/detail.php?id=4175


Date Reported: 2010/04/14
Name: MS10-019 - Cabview Corruption Validation Vulnerability -2003
Risk: High
CVSS Base Score: 9.3
Description:
A remote code execution vulnerability exists in the Windows Authenticode Signature verification for cabinet (.cab) file
formats. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
Category: MS HotFix
Affect OS: Windows 2003
Link: http://vdb.dragonsoft.com/detail.php?id=4174


Date Reported: 2010/04/14
Name: MS10-019 - Cabview Corruption Validation Vulnerability -XP
Risk: High
CVSS Base Score: 9.3
Description:
A remote code execution vulnerability exists in the Windows Authenticode Signature verification for cabinet (.cab) file
formats. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
Category: MS HotFix
Affect OS: Windows XP
Link: http://vdb.dragonsoft.com/detail.php?id=4173


Date Reported: 2010/04/14
Name: MS10-019 - Cabview Corruption Validation Vulnerability -2000
Risk: High
CVSS Base Score: 9.3
Description:
A remote code execution vulnerability exists in the Windows Authenticode Signature verification for cabinet (.cab) file
formats. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
Category: MS HotFix
Affect OS: Windows 2000
Link: http://vdb.dragonsoft.com/detail.php?id=4172


Date Reported: 2010/04/14
Name: MS10-019 - WinVerifyTrust Signature Validation Vulnerability -2003
Risk: High
CVSS Base Score: 9.3
Description:
A remote code execution vulnerability exists in the Windows Authenticode Signature Verification function used for
portable executable (PE) and cabinet file formats. An attacker who successfully exploited this vulnerability could take
complete control of an affected system.
Category: MS HotFix
Affect OS: Windows 2003
Link: http://vdb.dragonsoft.com/detail.php?id=4171


Date Reported: 2010/04/14
Name: MS10-019 - WinVerifyTrust Signature Validation Vulnerability -XP
Risk: High
CVSS Base Score: 9.3
Description:
A remote code execution vulnerability exists in the Windows Authenticode Signature Verification function used for
portable executable (PE) and cabinet file formats. An attacker who successfully exploited this vulnerability could take
complete control of an affected system.
Category: MS HotFix
Affect OS: Windows XP
Link: http://vdb.dragonsoft.com/detail.php?id=4170


Date Reported: 2010/04/14
Name: MS10-019 - WinVerifyTrust Signature Validation Vulnerability -2000
Risk: High
CVSS Base Score: 9.3
Description:
A remote code execution vulnerability exists in the Windows Authenticode Signature Verification function used for
portable executable (PE) and cabinet file formats. An attacker who successfully exploited this vulnerability could take
complete control of an affected system.
Category: MS HotFix
Affect OS: Windows 2000
Link: http://vdb.dragonsoft.com/detail.php?id=4169


Date Reported: 2010/04/14
Name: MS10-021 - Windows Kernel Symbolic Link Creation Vulnerability - XP
Risk: High
CVSS Base Score: 6.9
Description:
An elevation of privilege vulnerability exists when the Windows kernel does not properly restrict symbolic link creation
between untrusted and trusted registry hives. An attacker who successfully exploited this vulnerability could run
arbitrary code in kernel mode.
Category: MS HotFix
Affect OS: Windows XP
Link: http://vdb.dragonsoft.com/detail.php?id=4189


Date Reported: 2010/04/14
Name: MS10-021 - Windows Kernel Symbolic Link Creation Vulnerability - 2000
Risk: High
CVSS Base Score: 6.9
Description:
An elevation of privilege vulnerability exists when the Windows kernel does not properly restrict symbolic link creation
between untrusted and trusted registry hives. An attacker who successfully exploited this vulnerability could run
arbitrary code in kernel mode.
Category: MS HotFix
Affect OS: Windows 2000
Link: http://vdb.dragonsoft.com/detail.php?id=4188


Date Reported: 2010/04/14
Name: MS10-021 - Windows Kernel Memory Allocation Vulnerability -2003
Risk: High
CVSS Base Score: 6.9
Description:
An elevation of privilege vulnerability exists in the Windows kernel due to the manner in which memory is allocated
when extracting a symbolic link from a registry key. An attacker who successfully exploited this vulnerability could
run arbitrary code in kernel mode.
Category: MS HotFix
Affect OS: Windows 2003
Link: http://vdb.dragonsoft.com/detail.php?id=4187


Date Reported: 2010/04/14
Name: MS10-021 - Windows Kernel Memory Allocation Vulnerability -XP
Risk: High
CVSS Base Score: 6.9
Description:
An elevation of privilege vulnerability exists in the Windows kernel due to the manner in which memory is allocated
when extracting a symbolic link from a registry key. An attacker who successfully exploited this vulnerability could
run arbitrary code in kernel mode.
Category: MS HotFix
Affect OS: Windows XP
Link: http://vdb.dragonsoft.com/detail.php?id=4186


Date Reported: 2010/04/14
Name: MS10-021 - Windows Kernel Memory Allocation Vulnerability -2000
Risk: High
CVSS Base Score: 6.9
Description:
An elevation of privilege vulnerability exists in the Windows kernel due to the manner in which memory is allocated
when extracting a symbolic link from a registry key. An attacker who successfully exploited this vulnerability could
run arbitrary code in kernel mode.
Category: MS HotFix
Affect OS: Windows 2000
Link: http://vdb.dragonsoft.com/detail.php?id=4185


Date Reported: 2010/04/14
Name: MS10-024 - SMTP Memory Allocation Vulnerability - 2003
Risk: Medium
CVSS Base Score: 7.8
Description:
An information disclosure vulnerability exists in the Microsoft Windows Simple Mail Transfer Protocol (SMTP) component
due to the manner in which the SMTP component handles memory allocation. An attacker who successfully exploited this
vulnerability could read random e-mail message fragments stored on the affected server.
Category: MS HotFix
Affect OS: Windows 2003
Link: http://vdb.dragonsoft.com/detail.php?id=4201


Date Reported: 2010/04/14
Name: MS10-024 - SMTP Memory Allocation Vulnerability - XP
Risk: Medium
CVSS Base Score: 7.8
Description:
An information disclosure vulnerability exists in the Microsoft Windows Simple Mail Transfer Protocol (SMTP) component
due to the manner in which the SMTP component handles memory allocation. An attacker who successfully exploited this
vulnerability could read random e-mail message fragments stored on the affected server.
Category: MS HotFix
Affect OS: Windows XP
Link: http://vdb.dragonsoft.com/detail.php?id=4200


Date Reported: 2010/04/14
Name: MS10-024 - SMTP Memory Allocation Vulnerability - 2000
Risk: Medium
CVSS Base Score: 7.8
Description:
An information disclosure vulnerability exists in the Microsoft Windows Simple Mail Transfer Protocol (SMTP) component
due to the manner in which the SMTP component handles memory allocation. An attacker who successfully exploited this
vulnerability could read random e-mail message fragments stored on the affected server.
Category: MS HotFix
Affect OS: Windows 2000
Link: http://vdb.dragonsoft.com/detail.php?id=4199


Date Reported: 2010/04/14
Name: MS10-024 - SMTP Server MX Record Vulnerability - 2003
Risk: Medium
Description:
A denial of service vulnerability exists in the way that the Microsoft Windows Simple Mail Transfer Protocol (SMTP)
component handles specially crafted DNS Mail Exchanger (MX) resource records. An attacker who successfully exploited
this vulnerability could cause the SMTP service to stop responding until restarted.
Category: MS HotFix
Affect OS: Windows 2003
Link: http://vdb.dragonsoft.com/detail.php?id=4198


Date Reported: 2010/04/14
Name: MS10-024 - SMTP Server MX Record Vulnerability - XP
Risk: Medium
Description:
A denial of service vulnerability exists in the way that the Microsoft Windows Simple Mail Transfer Protocol (SMTP)
component handles specially crafted DNS Mail Exchanger (MX) resource records. An attacker who successfully exploited
this vulnerability could cause the SMTP service to stop responding until restarted.
Category: MS HotFix
Affect OS: Windows XP
Link: http://vdb.dragonsoft.com/detail.php?id=4197


Date Reported: 2010/04/14
Name: MS10-024 - SMTP Server MX Record Vulnerability - 2000
Risk: Medium
Description:
A denial of service vulnerability exists in the way that the Microsoft Windows Simple Mail Transfer Protocol (SMTP)
component handles specially crafted DNS Mail Exchanger (MX) resource records. An attacker who successfully exploited
this vulnerability could cause the SMTP service to stop responding until restarted.
Category: MS HotFix
Affect OS: Windows 2000
Link: http://vdb.dragonsoft.com/detail.php?id=4196


Date Reported: 2010/04/14
Name: MS10-022 - VBScript Help Keypress Vulnerability - 2003
Risk: Medium
CVSS Base Score: 5.1
Description:
A remote code execution vulnerability exists in the way that VBScript interacts with Windows Help files when using
Internet Explorer. An attacker who successfully exploited this vulnerability could take complete control of an
affected system.
Category: MS HotFix
Affect OS: Windows 2003
Link: http://vdb.dragonsoft.com/detail.php?id=4195


Date Reported: 2010/04/14
Name: MS10-022 - VBScript Help Keypress Vulnerability - XP
Risk: Medium
CVSS Base Score: 5.1
Description:
A remote code execution vulnerability exists in the way that VBScript interacts with Windows Help files when using
Internet Explorer. An attacker who successfully exploited this vulnerability could take complete control of an affected
system.
Category: MS HotFix
Affect OS: Windows XP
Link: http://vdb.dragonsoft.com/detail.php?id=4194


Date Reported: 2010/04/14
Name: MS10-022 - VBScript Help Keypress Vulnerability - 2000
Risk: Medium
CVSS Base Score: 5.1
Description:
A remote code execution vulnerability exists in the way that VBScript interacts with Windows Help files when using
Internet Explorer. An attacker who successfully exploited this vulnerability could take complete control of an
affected system.
Category: MS HotFix
Affect OS: Windows 2000
Link: http://vdb.dragonsoft.com/detail.php?id=4193


Date Reported: 2010/04/14
Name: MS10-029 - ISATAP IPv6 Source Address Spoofing Vulnerability- 2003
Risk: Medium
CVSS Base Score: 4.3
Description:
A spoofing vulnerability exists in the Microsoft Windows IPv6 stack due to the way that Windows checks the inner
packet's IPv6 source address in a tunneled ISATAP packet. An attacker who successfully exploited this vulnerability
could impersonate an address to bypass edge or host firewalls. Additionally, information could be disclosed when
the targeted computer replies to the message using the source IPv6 address that the attacker specified.
Category: MS HotFix
Affect OS: Windows 2003
Link: http://vdb.dragonsoft.com/detail.php?id=4205


Date Reported: 2010/04/14
Name: MS10-029 - ISATAP IPv6 Source Address Spoofing Vulnerability- XP
Risk: Medium
CVSS Base Score: 4.3
Description:
A spoofing vulnerability exists in the Microsoft Windows IPv6 stack due to the way that Windows checks the inner
packet's IPv6 source address in a tunneled ISATAP packet. An attacker who successfully exploited this vulnerability
could impersonate an address to bypass edge or host firewalls. Additionally, information could be disclosed when
the targeted computer replies to the message using the source IPv6 address that the attacker specified.
Category: MS HotFix
Affect OS: Windows XP
Link: http://vdb.dragonsoft.com/detail.php?id=4204


Date Reported: 2010/04/14
Name: MS10-021 - Windows Kernel Registry Key Vulnerability -2003
Risk: Medium
CVSS Base Score: 4.7
Description:
A denial of service vulnerability exists in the way that the Windows kernel validates registry keys. An attacker
could exploit the vulnerability by running a specially crafted application causing the system to become unresponsive
and automatically restart.
Category: MS HotFix
Affect OS: Windows 2003
Link: http://vdb.dragonsoft.com/detail.php?id=4192


Date Reported: 2010/04/14
Name: MS10-021 - Windows Kernel Registry Key Vulnerability -XP
Risk: Medium
CVSS Base Score: 4.7
Description:
A denial of service vulnerability exists in the way that the Windows kernel validates registry keys. An attacker
could exploit the vulnerability by running a specially crafted application causing the system to become unresponsive
and automatically restart.
Category: MS HotFix
Affect OS: Windows XP
Link: http://vdb.dragonsoft.com/detail.php?id=4191


Date Reported: 2010/04/14
Name: MS10-021 - Windows Kernel Registry Key Vulnerability -2000
Risk: Medium
CVSS Base Score: 4.7
Description:
A denial of service vulnerability exists in the way that the Windows kernel validates registry keys. An attacker
could exploit the vulnerability by running a specially crafted application causing the system to become unresponsive
and automatically restart.
Category: MS HotFix
Affect OS: Windows 2000
Link: http://vdb.dragonsoft.com/detail.php?id=4190


Date Reported: 2010/04/14
Name: MS10-021 - Windows Kernel Symbolic Link Value Vulnerability -2003
Risk: Medium
CVSS Base Score: 4.7
Description:
A denial of service vulnerability exists in the Windows kernel due to the manner in which the kernel processes the
values of symbolic links. An attacker could exploit the vulnerability by running a specially crafted application
causing the system to become unresponsive and automatically restart.
Category: MS HotFix
Affect OS: Windows 2003
Link: http://vdb.dragonsoft.com/detail.php?id=4184


Date Reported: 2010/04/14
Name: MS10-021 - Windows Kernel Symbolic Link Value Vulnerability -XP
Risk: Medium
CVSS Base Score: 4.7
Description:
A denial of service vulnerability exists in the Windows kernel due to the manner in which the kernel processes the
values of symbolic links. An attacker could exploit the vulnerability by running a specially crafted application
causing the system to become unresponsive and automatically restart.
Category: MS HotFix
Affect OS: Windows XP
Link: http://vdb.dragonsoft.com/detail.php?id=4183


Date Reported: 2010/04/14
Name: MS10-021 - Windows Kernel Symbolic Link Value Vulnerability -2000
Risk: Medium
CVSS Base Score: 4.7
Description:
A denial of service vulnerability exists in the Windows kernel due to the manner in which the kernel processes the
values of symbolic links. An attacker could exploit the vulnerability by running a specially crafted application
causing the system to become unresponsive and automatically restart.
Category: MS HotFix
Affect OS: Windows 2000
Link: http://vdb.dragonsoft.com/detail.php?id=4182


Date Reported: 2010/04/14
Name: MS10-021 - Windows Kernel Null Pointer Vulnerability -2003
Risk: Medium
CVSS Base Score: 4.7
Description:
A denial of service vulnerability exists in the Windows kernel due to the insufficient validation of registry keys
passed to a Windows kernel system call. An attacker could exploit the vulnerability by running a specially crafted
application, causing the system to become unresponsive and automatically restart.
Category: MS HotFix
Affect OS: Windows 2003
Link: http://vdb.dragonsoft.com/detail.php?id=4181


Date Reported: 2010/04/14
Name: MS10-021 - Windows Kernel Null Pointer Vulnerability -XP
Risk: Medium
CVSS Base Score: 4.7
Description:
A denial of service vulnerability exists in the Windows kernel due to the insufficient validation of registry keys
passed to a Windows kernel system call. An attacker could exploit the vulnerability by running a specially crafted
application, causing the system to become unresponsive and automatically restart.
Category: MS HotFix
Affect OS: Windows XP
Link: http://vdb.dragonsoft.com/detail.php?id=4180


Date Reported: 2010/04/14
Name: MS10-021 - Windows Kernel Null Pointer Vulnerability -2000
Risk: Medium
CVSS Base Score: 4.7
Description:
A denial of service vulnerability exists in the Windows kernel due to the insufficient validation of registry keys
passed to a Windows kernel system call. An attacker could exploit the vulnerability by running a specially crafted
application, causing the system to become unresponsive and automatically restart.
Category: MS HotFix
Affect OS: Windows 2000
Link: http://vdb.dragonsoft.com/detail.php?id=4179


Date Reported: 2010/04/14
Name: Oracle Multiple Vulnerabilities-April 2010
Risk: Info
Description:
Multiple vulnerabilities exist in Oracle Database Server and HTTP Server that remote and local attackers can
exploit, including CVE-2010-0853, CVE-2010-0860, CVE-2010-0866, CVE-2010-0852, CVE-2010-0867, CVE-2010-0851,
CVE-2010-0870, CVE-2010-0854.
Category: Oracle
Affect OS: Windows, UNIX
Link: http://vdb.dragonsoft.com/detail.php?id=4206

--------------------------------------------------------------------------------------------------

Risk:
  High: Allows immediate remote or local access, or immediate execution of code or commands,
          with unauthorized privileges, and bypassing security on firewalls.
  Medium: Potential for granting access or allowing code execution by means of complex or
          lengthy exploit procedures. Examples are cross-site scripting, man-in-the-middle
          attacks, SQL injection, denial of service, information disclosure.
  Low: Denies service or provides non-system information that could be used to formulate
         structured attacks on a target, but does not directly gain unauthorized access.
--------------------------------------------------------------------------------------------------
Copyright (c) DragonSoft Security Associates, Inc. All rights reserved
