CVE-2010-0278
published 2010-01-12CVE-2010-0278: A certain ActiveX control in msgsc.14.0.8089.726.dll in Microsoft Windows Live Messenger 2009 build 14.0.8089.726 on Windows Vista and Windows 7 allows remote…
PriorityP422medium4.3CVSS 2.0
AVNACMAuNCNINAP
EXPLOIT
EPSS
8.31%
94.2th percentile
A certain ActiveX control in msgsc.14.0.8089.726.dll in Microsoft Windows Live Messenger 2009 build 14.0.8089.726 on Windows Vista and Windows 7 allows remote attackers to cause a denial of service (msnmsgr.exe crash) by calling the ViewProfile method with a crafted argument during an MSN Messenger session.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_live_messenger | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Suricata
GPL EXPLOIT Alternate Data streams ASP file access attempt
suricata·2010-09-23
CVE-1999-0278 GPL EXPLOIT Alternate Data streams ASP file access attempt
GPL EXPLOIT Alternate Data streams ASP file access attempt
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"GPL EXPLOIT Alternate Data streams ASP file access attempt"; flow:established,to_server; http.uri; content:".asp|3A 3A 24|DATA"; nocase; reference:bugtraq,149; reference:cve,1999-0278; reference:nessus,10362; reference:url,support.microsoft.com/default.aspx?scid=kb#-#-EN-US#-#-q188806; classtype:web-application-attack; sid:2100975; rev:16; metadata:created_at 2010_09_23, signature_severity Major, updated_at 2024_03_08;)
No writeups or analysis indexed.
2010-01-12
Published