Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2010-0255
HistoryFeb 04, 2010 - 8:15 p.m.

CVE-2010-0255

2010-02-0420:15:49
CWE-264
[email protected]
web.nvd.nist.gov
58
cve-2010-0255
microsoft
internet explorer
javascript
exploit
security vulnerability

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

6.2 Medium

AI Score

Confidence

Low

0.933 High

EPSS

Percentile

99.1%

JSON

Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not prevent rendering of non-HTML local files as HTML documents, which allows remote attackers to bypass intended access restrictions and read arbitrary files via vectors involving JavaScript exploit code that constructs a reference to a file://127.0.0.1 URL, aka the dynamic OBJECT tag vulnerability, as demonstrated by obtaining the data from an index.dat file, a variant of CVE-2009-1140 and related to CVE-2008-1448.

Affected configurations

NVD
Node
microsoftinternet_explorerMatch6
AND
microsoftwindows_server_2003
OR
microsoftwindows_server_2003sp1
OR
microsoftwindows_server_2003sp1itanium
OR
microsoftwindows_server_2003sp2
OR
microsoftwindows_xppro_x64
OR
microsoftwindows_xpsp2
OR
microsoftwindows_xpsp2pro_x64
OR
microsoftwindows_xpsp3
Node
microsoftinternet_explorerMatch7
AND
microsoftwindows_server_2003
OR
microsoftwindows_server_2003sp1
OR
microsoftwindows_server_2003sp1itanium
OR
microsoftwindows_server_2003sp2
OR
microsoftwindows_server_2008
OR
microsoftwindows_server_200832_bit
OR
microsoftwindows_server_2008itanium
OR
microsoftwindows_server_2008x64
OR
microsoftwindows_vista
OR
microsoftwindows_vistax64
OR
microsoftwindows_vistasp1
OR
microsoftwindows_vistaMatchgold
OR
microsoftwindows_xpx64
OR
microsoftwindows_xpsp2
OR
microsoftwindows_xpsp2x64
OR
microsoftwindows_xpsp3
Node
microsoftinternet_explorerMatch5.01sp4
OR
microsoftinternet_explorerMatch6sp1
AND
microsoftwindows_2000sp4
Node
microsoftinternet_explorerMatch8
AND
microsoftwindows_2003_serversp2
OR
microsoftwindows_2003_serversp2itanium
OR
microsoftwindows_2003_serversp2x64
OR
microsoftwindows_7Match-
OR
microsoftwindows_server_2008itanium
OR
microsoftwindows_server_2008x32
OR
microsoftwindows_server_2008x64
OR
microsoftwindows_server_2008sp2x32
OR
microsoftwindows_server_2008sp2x64
OR
microsoftwindows_server_2008Match-sp2itanium
OR
microsoftwindows_server_2008Matchr2itanium
OR
microsoftwindows_server_2008Matchr2x64
OR
microsoftwindows_vistasp1
OR
microsoftwindows_vistasp2
OR
microsoftwindows_vistaMatch-sp1
OR
microsoftwindows_vistaMatch-sp2
OR
microsoftwindows_xpsp2
OR
microsoftwindows_xpsp3
OR
microsoftwindows_xpMatch-sp2x64

Related

cvelist 4
prion 4
nvd 4
openvas 9
canvas 1
checkpoint_advisories 3
coresecurity 3
securityvulns 10
seebug 4
packetstorm 2
cve 3
nessus 3
symantec 1
mskb 1
cvelist
cvelist
CVE-2010-0255
2010-02-04 19:00:00
CVE-2010-0555
2010-02-04 20:00:00
CVE-2008-1448
2008-08-13 00:00:00
prion
prion
Design/Logic Flaw
2010-02-04 20:15:00
Design/Logic Flaw
2010-02-04 20:15:00
Information disclosure
2008-08-13 00:41:00
nvd
nvd
CVE-2010-0255
2010-02-04 20:15:49
CVE-2010-0555
2010-02-04 20:15:25
CVE-2008-1448
2008-08-13 00:41:00
openvas
openvas
Microsoft Internet Explorer Information Disclosure Vulnerability (980088)
2010-02-08 00:00:00
Microsoft Internet Explorer Information Disclosure Vulnerability (980088)
2010-02-08 00:00:00
Security Update for Outlook Express (951066)
2008-08-19 00:00:00
canvas
canvas
Immunity Canvas: IE_DUMPFILES
2010-02-04 20:15:00
checkpoint_advisories
checkpoint_advisories
Internet Explorer Response Redirect Information Disclosure (CVE-2010-0255)
2010-02-09 00:00:00
Microsoft Windows MHTML URL Parsing Information Disclosure (MS08-048; CVE-2008-1448)
2008-08-12 00:00:00
Internet Explorer History Index Script Injection (MS09-019; CVE-2009-1140)
2009-06-09 00:00:00
coresecurity
coresecurity
Internet Explorer Dynamic OBJECT tag and URLMON sniffing vulnerabilities
2010-02-03 00:00:00
Internet Explorer Zone Elevation Restrictions Bypass and Security Zone Restrictions Bypass
2008-08-13 00:00:00
Internet Explorer Security Zone restrictions bypass
2009-06-09 00:00:00
securityvulns
securityvulns
Microsoft Internet Explorer information leak
2010-02-04 00:00:00
CORE-2009-0625: Internet Explorer Dynamic OBJECT tag and URLMON sniffing vulnerabilities
2010-02-04 00:00:00
Microsoft Security Bulletin MS08-048 - Important Security Update for Outlook Express and Windows Mail (951066)
2008-08-12 00:00:00
seebug
seebug
Microsoft IE URLMON嗅探跨域信息泄露漏洞
2010-02-05 00:00:00
Microsoft IE动态OBJECT标签信息泄露漏洞
2010-02-04 00:00:00
Microsoft IE MHTML协议处理器跨域信息泄露漏洞(MS08-048)
2008-08-15 00:00:00
packetstorm
packetstorm
Core Security Technologies Advisory 2009.0625
2010-02-04 00:00:00
Core Security Technologies Advisory 2008.0826
2009-06-10 00:00:00
cve
cve
CVE-2010-0555
2010-02-04 20:15:25
CVE-2008-1448
2008-08-13 00:41:00
CVE-2009-1140
2009-06-10 18:30:00
nessus
nessus
MS08-048: Security Update for Outlook Express and Windows Mail (951066)
2008-08-13 00:00:00
MS10-035: Cumulative Security Update for Internet Explorer (982381)
2010-06-09 00:00:00
MS09-019: Cumulative Security Update for Internet Explorer (969897)
2009-06-10 00:00:00
symantec
symantec
Microsoft Internet Explorer Cached Content Cross Domain Information Disclosure Vulnerability
2009-06-09 00:00:00
mskb
mskb
MS10-035: Cumulative security update for Internet Explorer
2014-06-21 13:52:45

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

6.2 Medium

AI Score

Confidence

Low

0.933 High

EPSS

Percentile

99.1%

JSON
Related for CVE-2010-0255
cvelist4prion4nvd4openvas9canvas1checkpoint_advisories3coresecurity3securityvulns10seebug4packetstorm2cve3nessus3symantec1mskb1