CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
---|---|---|
5.3 | $5k-$25k | 0.00 |
A vulnerability was found in Microsoft Windows 2000 (Operating System). It has been rated as problematic. This issue affects an unknown code block of the component mod_sql. The manipulation with an unknown input leads to a information disclosure vulnerability. Using CWE to declare the problem leads to CWE-200. The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Impacted is confidentiality. The summary by CVE is:
Microsoft Windows 2008, 7, Vista, 2003, 2000, and XP, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping. NOTE: due to a typo, some sources map CVE-2010-4562 to a ProFTPd mod_sql vulnerability, but that issue is covered by CVE-2010-4652.
The issue has been introduced in 02/17/2000. The weakness was published 02/02/2012 as not defined mailinglist post (Full-Disclosure). The advisory is shared at seclists.org. The identification of this vulnerability is CVE-2010-4562 since 12/20/2010. The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. Neither technical details nor an exploit are publicly available. The price for an exploit might be around USD $25k-$100k at the moment (estimation calculated on 04/14/2019). MITRE ATT&CK project uses the attack technique T1592 for this issue.
The vulnerability was handled as a non-public zero-day exploit for at least 4368 days. During that time the estimated underground price was around $25k-$100k.
There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.
Similar entry is available at VDB-60066.
Product
Type
Vendor
Name
Version
License
CPE 2.3
CPE 2.2
CVSSv4
VulDB CVSS-B Score: 🔍VulDB CVSS-BT Score: 🔍
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 5.3VulDB Meta Temp Score: 5.3
VulDB Base Score: 5.3
VulDB Temp Score: 5.3
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
AV | AC | Au | C | I | A |
---|---|---|---|---|---|
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
---|---|---|---|---|---|
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Information disclosureCWE: CWE-200 / CWE-284 / CWE-266
CAPEC: 🔍
ATT&CK: 🔍
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
0-Day | unlock | unlock | unlock | unlock |
---|---|---|---|---|
Today | unlock | unlock | unlock | unlock |
OpenVAS ID: 69327
OpenVAS Name: Debian Security Advisory DSA 2191-1 (proftpd-dfsg)
OpenVAS File: 🔍
OpenVAS Family: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: no mitigation knownStatus: 🔍
0-Day Time: 🔍
Timeline
02/17/2000 🔍12/20/2010 🔍
02/02/2012 🔍
02/02/2012 🔍
03/23/2015 🔍
04/14/2019 🔍
Sources
Vendor: microsoft.comProduct: microsoft.com
Advisory: seclists.org
Status: Not defined
CVE: CVE-2010-4562 (🔍)
OVAL: 🔍
See also: 🔍
Entry
Created: 03/23/2015 16:50Updated: 04/14/2019 16:26
Changes: 03/23/2015 16:50 (54), 04/14/2019 16:26 (2)
Complete: 🔍
Cache ID: 18:D45:103
No comments yet. Languages: en.
Please log in to comment.