The Three CVEs that You’re Not Paying Attention to (But Probably Should)

Jun 17, 2015
Michael Roytman
Chief Data Scientist

Share with Your Network

The Risk I/O philosophy is all about fixing what matters – that is, using data to make decisions that make the most of the limited actions you can take in a day, a week, a month. It’s not about the sheer volume of vulnerabilities that your team closes — it’s closing the ones that reduce your overall risk the most.

Sometimes, the vulnerabilities that get the most attention aren’t the ones that represent the greatest threat. In my research, I’ve discovered a series of vulnerabilities that aren’t sexy, and don’t hog the spotlight–but in many environments actually represent major weaknesses. In fact, these three vulnerabilities have each been exploited over 100,000 times in 2014 alone!

The vulns I want to highlight are CVE-2010-3055, CVE-2002-0649, and CVE-2000-1209. They don’t have cutesy publicized names, so it might be a bit boring to talk about them. But you know what? If other people get to put ridiculous code names on their vulns, then I get to do the same thing. So let’s take a look.

Vulnerability CVE-2010-30551 Poster. CVE-2010-3055 has been exploited 121,000 times in 2014. Let’s call it the Poster vulnerability. It allows attackers to run arbitrary code in phpmyadmin via a POST request, and phpmyadmin runs millions of sites worldwide. It’s a CVSS 7.5, which means it’s bound to fly under the radar more often than not. But it shouldn’t. Security teams need to start worrying about Poster!

Vulnerability CVE-200-12092. Slammer. I’m calling CVE-2002-0649 the Slammervulnerability. It’s an ancient worm that exploits SQL Server 2000 and Microsoft Desktop Engine 2000. Reading the wikipedia article on the worm ( makes it seem like it’s a long forgotten problem, but we’ve seen 156,000 successful exploitations in 2014. It’s not new, it’s not hip, it’s not current, so one talks about it–but it’s a significant threat.

Vulnerability CVE-2002-06493. Enterprise. Last up is Enterprise, which exploits (1) Microsoft SQL Server 2000, (2) SQL Server 7.0, and (3) Data Engine (MSDE) 1.0, including third party packages that use these products such as (4) Tumbleweed Secure Mail (MMS) (5) Compaq Insight Manager, and (6) Visio 2000, and are exploited by the Voyager Alpha worm. CVE-2000-1209 is also not to be forgotten, with 272,000 successful exploitations. Resistance is futile?

To name something is to have power over it – but it’s the quiet ones that you need to be worried about. Pay less attention to the flashy, glitzy vulnerabilities and pay more to the ones that are truly a lurking threat.

Read the Latest Content

Research Reports

Prioritization to Prediction Volume 5: In Search of Assets at Risk

The fifth volume of the P2P series explores the vulnerability risk landscape by looking at how enterprises often view vulnerabilities.

5 Things Every CIO Should Know About Vulnerability Management

If you view vulnerability management (VM) as just a small part of your operation, it might be time to take another look.  Managing vulnerabilities is...



Get Started Using the Exploit Prediction Scoring System (EPSS).

Cyentia Institute’s Chief Data Scientist and Founder Jay Jacobs gives tips on how to get started using the Exploit Prediction Scoring System (EPSS). You...

© 2022 Kenna Security. All Rights Reserved. Privacy Policy.