VRDA Feed by JPCERT/CC
  Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis
[ about VRDA Feed | JPCERT/CC



 
Vulnerability Analysis Result (Revision No : 1) [ Download XML
VRDA-100210-001
Microsoft Updates for Multiple Vulnerabilities
http://www.microsoft.com/japan/technet/security/bulletin/ms10-feb.mspx

This bulletin summary lists security bulletins released for February 2010.




About This Analysis Information
Analysis Information Provider:
 		JPCERT/CC
 		First Published:
 		2010-02-10
Source Information Category:
 		Advisory, Alert
 		Last Updated:
 		2010-02-10




Affected Product Tags
cpe:/a:microsoft:office:2003     (Microsoft Office 2003)
cpe:/a:microsoft:office:2007     (Microsoft Office 2007)
cpe:/o:microsoft:windows_2000     (Microsoft Windows 2000)
cpe:/o:microsoft:windows_server:2003     (Microsoft Windows Server 2003)
cpe:/o:microsoft:windows_server:2008     (Microsoft Windows Server 2008)
cpe:/o:microsoft:windows_vista     (Microsoft Windows Vista)
cpe:/o:microsoft:windows_xp     (Microsoft Windows XP)
lapt:/o:microsoft:windows_7     (Windows 7)
 


Vulnerability Analysis Results
[Information Source Reliability] [?]
Low [?]

Medium [?]
X High [?]
[Impact Level] [?]
Low [?]

Low-Medium [?]
Medium-High [?]
X High [?]
[Access Required] [?]
Physical [?]

Local [?]
Non-routed [?]
X Routed [?]
[Authentication] [?]
Privileged [?]

Standard [?]
Limited [?]
X None or Unnecessary [?]
[User Interaction Required] [?]
Complex [?]

X Simple [?]
None [?]
[Technical Difficulty] [?]
High [?]

Medium-High [?]
Low-Medium [?]
Low [?]
[Availability of Remediation] [?]
X Official Patch [?]

Official Workaround [?]
Unofficial Patch [?]
None [?]
[Incident Activity] [?]
X None [?]

Exploit or PoC [?]
Activity Observed [?]
Alternatives




References
Common Vulnerabilities and Exposures (CVE) CVE-2010-0016




Common Vulnerabilities and Exposures (CVE) CVE-2010-0017




Common Vulnerabilities and Exposures (CVE) CVE-2010-0020




Common Vulnerabilities and Exposures (CVE) CVE-2010-0021




Common Vulnerabilities and Exposures (CVE) CVE-2010-0022




Common Vulnerabilities and Exposures (CVE) CVE-2010-0023




Common Vulnerabilities and Exposures (CVE) CVE-2010-0026




Common Vulnerabilities and Exposures (CVE) CVE-2010-0027
The URL validation functionality in Microsoft Internet Explorer 7 and8 does not properly process input parameters, which allows remoteattackers to execute arbitrary local programs via a crafted URL, aka"URL Validation Vulnerability."




Common Vulnerabilities and Exposures (CVE) CVE-2010-0028




Common Vulnerabilities and Exposures (CVE) CVE-2010-0029




Common Vulnerabilities and Exposures (CVE) CVE-2010-0030




Common Vulnerabilities and Exposures (CVE) CVE-2010-0031




Common Vulnerabilities and Exposures (CVE) CVE-2010-0032




Common Vulnerabilities and Exposures (CVE) CVE-2010-0033




Common Vulnerabilities and Exposures (CVE) CVE-2010-0034




Common Vulnerabilities and Exposures (CVE) CVE-2010-0035




Common Vulnerabilities and Exposures (CVE) CVE-2010-0231




Common Vulnerabilities and Exposures (CVE) CVE-2010-0232
The kernel in Microsoft Windows NT 3.1 through Windows 7, includingWindows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2,Windows Vista Gold, SP1, and SP2, and Windows Server 2008 Gold andSP2, when access to 16-bit applications is enabled on a 32-bit x86platform, does not properly validate certain BIOS calls, which allowslocal users to gain privileges by crafting a VDM_TIB data structure inthe Thread Environment Block (TEB), and then calling the NtVdmControlfunction to start the Windows Virtual DOS Machine (aka NTVDM)subsystem, leading to improperly handled exceptions involving the #GPtrap handler (aka nt!KiTrap0D).




Common Vulnerabilities and Exposures (CVE) CVE-2010-0233




Common Vulnerabilities and Exposures (CVE) CVE-2010-0239




Common Vulnerabilities and Exposures (CVE) CVE-2010-0240




Common Vulnerabilities and Exposures (CVE) CVE-2010-0241




Common Vulnerabilities and Exposures (CVE) CVE-2010-0242




Common Vulnerabilities and Exposures (CVE) CVE-2010-0243




Common Vulnerabilities and Exposures (CVE) CVE-2010-0250




Copyright © 2010 JPCERT/CC All Rights Reserved.