CVE-2010-2265
published 2010-06-15CVE-2010-2265: Cross-site scripting (XSS) vulnerability in the GetServerName function in sysinfo/commonFunc.js in Microsoft Windows Help and Support Center for Windows XP and…
PriorityP432medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EXPLOIT
EPSS
20.99%
97.3th percentile
Cross-site scripting (XSS) vulnerability in the GetServerName function in sysinfo/commonFunc.js in Microsoft Windows Help and Support Center for Windows XP and Windows Server 2003 allows remote attackers to inject arbitrary web script or HTML via the svr parameter to sysinfo/sysinfomain.htm. NOTE: this can be leveraged with CVE-2010-1885 to execute arbitrary commands without user interaction.
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
ColdFusion 8.0.1 - Arbitrary File Upload / Execution (Metasploit)
exploitdb·2010-11-24
CVE-2009-2265 ColdFusion 8.0.1 - Arbitrary File Upload / Execution (Metasploit)
ColdFusion 8.0.1 - Arbitrary File Upload / Execution (Metasploit)
---
##
# $Id: coldfusion_fckeditor.rb 11127 2010-11-24 19:35:38Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'ColdFusion 8.0.1 Arbitrary File Upload and Execute',
'Description' => %q{
This module exploits the Adobe ColdFusion 8.0.1 FCKeditor 'CurrentFolder' File Upload
and Execute vulnerability.
},
'Author' => [ 'MC' ],
'License' => MSF_LICENSE,
'Version' => '$Revision: 11127 $',
'Platform' => 'win',
'Privileged' => true,
'References' =>
[
[ 'CVE', '2009-2265' ],
[
Exploit-DB
Mozilla Suite/Firefox - InstallVersion->compareTo() Code Execution (Metasploit)
exploitdb·2010-09-20
CVE-2005-2265 Mozilla Suite/Firefox - InstallVersion->compareTo() Code Execution (Metasploit)
Mozilla Suite/Firefox - InstallVersion->compareTo() Code Execution (Metasploit)
---
##
# $Id: mozilla_compareto.rb 10394 2010-09-20 08:06:27Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 HttpClients::FF,
:ua_minver => "1.0",
:ua_maxver => "1.7.10",
:os_name => OperatingSystems::WINDOWS,
:javascript => true,
:rank => NormalRanking, # reliable memory corruption
:vuln_test => "if (typeof InstallVersion != 'undefined') { is_vuln = true; }",
})
def initialize(info = {})
super(update_info(info,
'Name' => 'Mozilla Suite/Firefox InstallV
Exploit-DB
Microsoft Help and Support Center - '/sysinfo/sysinfomain.htm' Cross-Site Scripting
exploitdb·2010-06-10
CVE-2010-2265 Microsoft Help and Support Center - '/sysinfo/sysinfomain.htm' Cross-Site Scripting
Microsoft Help and Support Center - '/sysinfo/sysinfomain.htm' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/40721/info
Help and Support Center is prone to a cross-site scripting weakness because it fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the privileged zone of the browser of an unsuspecting user.
NOTE: This issue is a weakness because the affected file is only accessible by trusted sources unless other vulnerabilities, such as BID 40725 (Microsoft Windows Help And Support Center Trusted Document Whitelist Bypass Vulnerability) are used to bypass the restrictions. This weakness may then be used to execute script code in the privileged zone of the browser by unauthorized sites.
The fo
No writeups or analysis indexed.
http://archives.neohapsis.com/archives/fulldisclosure/2010-06/0197.htmlhttp://blogs.technet.com/b/msrc/archive/2010/06/10/windows-help-vulnerability-disclosure.aspxhttp://blogs.technet.com/b/srd/archive/2010/06/10/help-and-support-center-vulnerability-full-disclosure-posting.aspxhttp://secunia.com/advisories/40076http://www.kb.cert.org/vuls/id/578319http://www.microsoft.com/technet/security/advisory/2219475.mspxhttp://www.securityfocus.com/archive/1/511774/100/0/threadedhttp://www.securityfocus.com/bid/40721http://www.vupen.com/english/advisories/2010/1417https://exchange.xforce.ibmcloud.com/vulnerabilities/59267http://archives.neohapsis.com/archives/fulldisclosure/2010-06/0197.htmlhttp://blogs.technet.com/b/msrc/archive/2010/06/10/windows-help-vulnerability-disclosure.aspxhttp://blogs.technet.com/b/srd/archive/2010/06/10/help-and-support-center-vulnerability-full-disclosure-posting.aspxhttp://secunia.com/advisories/40076http://www.kb.cert.org/vuls/id/578319http://www.microsoft.com/technet/security/advisory/2219475.mspxhttp://www.securityfocus.com/archive/1/511774/100/0/threadedhttp://www.securityfocus.com/bid/40721http://www.vupen.com/english/advisories/2010/1417https://exchange.xforce.ibmcloud.com/vulnerabilities/59267
2010-06-15
Published