Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveMicrosoftCVE-2010-3227
HistoryOct 26, 2010 - 10:00 p.m.

CVE-2010-3227

2010-10-2622:00:01
CWE-119
microsoft
web.nvd.nist.gov
37
cve-2010-3227
buffer overflow
mfc library
security vulnerability
microsoft windows xp
windows server
windows vista
windows 7
nvd

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.8

Confidence

Low

EPSS

0.719

Percentile

98.1%

JSON

Stack-based buffer overflow in the UpdateFrameTitleForDocument method in the CFrameWnd class in mfc42.dll in the Microsoft Foundation Class (MFC) Library in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows context-dependent attackers to execute arbitrary code via a long window title that this library attempts to create at the request of an application, as demonstrated by the Trident PowerZip 7.2 Build 4010 application, aka “Windows MFC Document Title Updating Buffer Overflow Vulnerability.”

Affected configurations

Nvd
Node
microsoftwindows_7
OR
microsoftwindows_server_2003Match-sp2
OR
microsoftwindows_server_2008Match-r2x64
OR
microsoftwindows_server_2008Match-sp2
OR
microsoftwindows_vistaMatch-sp1
OR
microsoftwindows_vistaMatch-sp2
OR
microsoftwindows_xpMatch-
OR
microsoftwindows_xpMatchsp3
VendorProductVersionCPE
microsoftwindows_7*cpe:2.3:o:microsoft:windows_7:*:*:*:*:*:*:*:*
microsoftwindows_server_2003-cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:*
microsoftwindows_server_2008-cpe:2.3:o:microsoft:windows_server_2008:-:r2:*:*:*:*:x64:*
microsoftwindows_server_2008-cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*
microsoftwindows_vista-cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*
microsoftwindows_vista-cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*
microsoftwindows_xp-cpe:2.3:o:microsoft:windows_xp:-:*:*:*:*:*:*:*
microsoftwindows_xpsp3cpe:2.3:o:microsoft:windows_xp:sp3:*:*:*:*:*:*:*

Related

openvas 2
nvd 2
cvelist 1
nessus 1
prion 2
securityvulns 2
cve 1
exploitdb 1
openvas
openvas
Microsoft Foundation Classes Could Allow Remote Code Execution Vulnerability (2387149)
2010-10-13 00:00:00
Microsoft Foundation Classes Could Allow Remote Code Execution Vulnerability (2387149)
2010-10-13 00:00:00
nvd
nvd
CVE-2010-3227
2010-10-26 22:00:01
CVE-2010-3885
2010-10-08 22:00:01
cvelist
cvelist
CVE-2010-3227
2010-10-26 21:00:00
nessus
nessus
MS10-074: Vulnerability in Microsoft Foundation Classes Could Allow Remote Code Execution (2387149)
2010-10-13 00:00:00
prion
prion
Stack overflow
2010-10-26 22:00:00
Design/Logic Flaw
2010-10-08 22:00:00
securityvulns
securityvulns
Microsoft Security Bulletin MS10-074 - Moderate Vulnerability in Microsoft Foundation Classes Could Allow Remote Code Execution (2387149)
2010-10-13 00:00:00
Microsoft Windows multiple security vulnerabilities
2010-10-13 00:00:00
cve
cve
CVE-2010-3885
2010-10-08 22:00:01
exploitdb
exploitdb
PowerZip 7.21 (Build 4010) - Stack Buffer Overflow
2010-06-18 00:00:00

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.8

Confidence

Low

EPSS

0.719

Percentile

98.1%

JSON
Related for CVE-2010-3227
openvas2nvd2cvelist1nessus1prion2securityvulns2cve1exploitdb1