Lucene search

[email protected]CVE-2010-0267

HistoryMar 31, 2010 - 7:30 p.m.

CVE-2010-0267

2010-03-3119:30:00

CWE-94

[email protected]

web.nvd.nist.gov

microsoft

internet explorer

memory corruption

vulnerability

cve-2010-0267

nvd

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.6 High

AI Score

Confidence

Low

0.854 High

EPSS

Percentile

98.6%

JSON

Microsoft Internet Explorer 6, 6 SP1, and 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka “Uninitialized Memory Corruption Vulnerability.”

Affected configurations

NVD

Node

microsoftinternet_explorerMatch7

AND

microsoftwindows_2003_serversp2itanium

microsoftwindows_server_2003sp2

microsoftwindows_xpsp2

microsoftwindows_xpsp3

microsoftwindows_xpMatch-sp2x64

Node

microsoftinternet_explorerMatch7

AND

microsoftwindows_server_2008itanium

microsoftwindows_server_2008x32

microsoftwindows_server_2008x64

microsoftwindows_server_2008sp2x32

microsoftwindows_server_2008Match-sp2itanium

microsoftwindows_server_2008Match-sp2x64

microsoftwindows_vista

microsoftwindows_vistax64

microsoftwindows_vistasp1

microsoftwindows_vistasp2

Node

microsoftinternet_explorerMatch6

AND

microsoftwindows_2003_serversp2

microsoftwindows_2003_serversp2itanium

microsoftwindows_server_2003sp2

microsoftwindows_xpsp2

microsoftwindows_xpsp3

microsoftwindows_xpMatch-sp2x64

Node

microsoftinternet_explorerMatch6sp1

AND

microsoftwindows_2000sp4

CPENameOperatorVersion
microsoft:internet_explorermicrosoft internet explorereq7
microsoft:windows_2003_servermicrosoft windows 2003 servereq*
microsoft:windows_server_2003microsoft windows server 2003eq*
microsoft:windows_xpmicrosoft windows xpeq*
microsoft:windows_xpmicrosoft windows xpeq-

CPE	Name	Operator	Version
microsoft:internet_explorer	microsoft internet explorer	eq	7
microsoft:windows_2003_server	microsoft windows 2003 server	eq	*
microsoft:windows_server_2003	microsoft windows server 2003	eq	*
microsoft:windows_xp	microsoft windows xp	eq	*
microsoft:windows_xp	microsoft windows xp	eq	-