Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2010-2746

EPSS 73.72% · P99
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2010-2746

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Heap-based buffer overflow in Comctl32.dll (aka the common control library) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when a third-party SVG viewer is used, allows remote attackers to execute arbitrary code via a crafted HTML document that triggers unspecified messages from this viewer, aka "Comctl32 Heap Overflow Vulnerability."
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Microsoft Windows Comctl32.dll堆缓冲区溢出漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Comctl32.dll是Windows应用程序公用GUI图形用户界面模块。 Microsoft Windows XP SP2和SP3版本,Windows Server 2003 SP2版本,Windows Vista SP1和SP2版本,Windows Server 2008 Gold,SP2和R2版本,以及Windows 7中的Comctl32.dll(又名通用控制库)文件中存在基于堆的缓冲区溢出漏洞。当第三方SVG查看器启用时,远程攻击者可以借助特制HTML文档(该文档能够触发查看器中的相关信息)执
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Shenlong Deep Dive — AI Deep Analysis

10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.

Read summary Full analysis (login)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2010-2746

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2010-2746

登录查看更多情报信息。

Same Patch Batch · n/a · 2010-10-13 · 86 CVEs total

CVE-2010-3217Microsoft Word指针远程代码执行漏洞
CVE-2010-3214Microsoft Word堆栈验证远程执行代码漏洞
CVE-2010-3215Microsoft Word返回值代码注入漏洞
CVE-2010-2750Microsoft Word和Office数组索引错误漏洞
CVE-2010-2745Microsoft Windows Media Player代码注入漏洞
CVE-2010-2744Microsoft Windows 权限许可和访问控制问题漏洞
CVE-2010-2741Microsoft Windows OpenType 字体 (OTF) 格式驱动程序特权提升漏洞
CVE-2010-2740Microsoft Windows OpenType Font (OTF)格式驱动权限提升漏洞
CVE-2010-1883Microsoft Windows Embedded OpenType (EOT)字体引擎整数溢出漏洞
CVE-2010-2747Microsoft Word 远程代码执行漏洞
CVE-2010-3216Microsoft Word和Office书签代码注入漏洞
CVE-2010-3218Microsoft Word堆溢出漏洞
CVE-2010-3219Microsoft Word索引解析漏洞
CVE-2010-3220Microsoft Word解析远程执行代码漏洞
CVE-2010-3221Microsoft Word解析代码注入漏洞
CVE-2010-3222Microsoft Windows LPC信息缓冲区过度消耗漏洞
CVE-2010-3223Microsoft Windows Failover Cluster Manager用户界面权限许可和访问控制漏洞
CVE-2010-3225Microsoft Media Player Network Sharing Service释放后使用漏洞
CVE-2010-3228Microsoft .NET Framework 代码注入漏洞
CVE-2010-3229Microsoft Windows Server 2008拒绝服务漏洞

Showing top 20 of 86 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2010-2746

No comments yet

Leave a comment