9.3

CVE-2010-0487

The Authenticode Signature verification functionality in cabview.dll in Cabinet File Viewer Shell Extension 5.1, 6.0, and 6.1 in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly use unspecified fields in a file digest, which allows remote attackers to execute arbitrary code via a modified cabinet (aka .CAB) file that incorrectly appears to have a valid signature, aka "Cabview Corruption Validation Vulnerability."

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftWindows 7 Version-
MicrosoftWindows 2000 Updatesp4
MicrosoftWindows Xp Updatesp2
MicrosoftWindows Xp Updatesp3
MicrosoftWindows Xp Version- Updatesp2 Editionx64
MicrosoftWindows 2003 Server Updatesp2 Editionitanium
MicrosoftWindows Server 2008 Editionitanium
MicrosoftWindows Server 2008 Version- Updatesp2
MicrosoftWindows Server 2008 Version- Updatesp2 Editionitanium
MicrosoftWindows Server 2008 Version- Updatesp2 Editionx64
MicrosoftWindows Server 2008 Version- Updatesp2 Editionx86
MicrosoftWindows Vista Editionx64
MicrosoftWindows Vista Updatesp1
MicrosoftWindows Vista Updatesp2
MicrosoftWindows Vista Version- Updatesp1
MicrosoftWindows Vista Version- Updatesp2
MicrosoftWindows Server 2008 Updater2 Editionitanium
MicrosoftWindows Server 2008 Updater2 Editionx64
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 41.04% 0.973
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.