MS10-019: Vulnerabilities in Windows Could Allow Remote Code Execution (981210)

This script is Copyright (C) 2010-2013 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has multiple code execution vulnerabilities.

Description :

The version of Windows running on the remote host has vulnerabilities
in the Windows Authenticode Signature mechanism. Modifying an
existing signed executable or cabinet file can result in arbitrary
code execution.

A remote attacker could exploit this by tricking a user into executing
or opening a maliciously crafted file, resulting in arbitrary code
execution.

See also :

http://technet.microsoft.com/en-us/security/bulletin/MS10-019

Solution :

Microsoft has released a set of patches for Windows 2000, XP, 2003,
Vista, 2008, 7, and 2008 R2.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.9
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows : Microsoft Bulletins

Nessus Plugin ID: 45506 ()

Bugtraq ID: 39328
39332

CVE ID: CVE-2010-0486
CVE-2010-0487