Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2010-0555
HistoryFeb 04, 2010 - 8:15 p.m.

CVE-2010-0555

2010-02-0420:15:25
[email protected]
web.nvd.nist.gov
22
microsoft
internet explorer
cve-2010-0555
urlmon sniffing vulnerability
access restriction bypass

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

6.2 Medium

AI Score

Confidence

Low

0.926 High

EPSS

Percentile

99.0%

JSON

Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not prevent rendering of non-HTML local files as HTML documents, which allows remote attackers to bypass intended access restrictions and read arbitrary files via vectors involving the product’s use of text/html as the default content type for files that are encountered after a redirection, aka the URLMON sniffing vulnerability, a variant of CVE-2009-1140 and related to CVE-2008-1448.

Affected configurations

NVD
Node
microsoftinternet_explorerMatch6
AND
microsoftwindows_server_2003
OR
microsoftwindows_server_2003sp1
OR
microsoftwindows_server_2003sp1itanium
OR
microsoftwindows_server_2003sp2
OR
microsoftwindows_xppro_x64
OR
microsoftwindows_xpsp2
OR
microsoftwindows_xpsp2pro_x64
OR
microsoftwindows_xpsp3
Node
microsoftinternet_explorerMatch7
AND
microsoftwindows_server_2003
OR
microsoftwindows_server_2003sp1
OR
microsoftwindows_server_2003sp1itanium
OR
microsoftwindows_server_2003sp2
OR
microsoftwindows_server_2008
OR
microsoftwindows_server_200832_bit
OR
microsoftwindows_server_2008itanium
OR
microsoftwindows_server_2008x64
OR
microsoftwindows_vista
OR
microsoftwindows_vistax64
OR
microsoftwindows_vistasp1
OR
microsoftwindows_vistaMatchgold
OR
microsoftwindows_xpx64
OR
microsoftwindows_xpsp2
OR
microsoftwindows_xpsp2x64
OR
microsoftwindows_xpsp3
Node
microsoftinternet_explorerMatch5.01sp4
OR
microsoftinternet_explorerMatch6sp1
AND
microsoftwindows_2000sp4

Related

nvd 4
cvelist 4
prion 4
cve 3
coresecurity 2
checkpoint_advisories 2
openvas 5
securityvulns 6
seebug 2
nessus 2
symantec 1
packetstorm 1
nvd
nvd
CVE-2010-0555
2010-02-04 20:15:25
CVE-2010-0255
2010-02-04 20:15:49
CVE-2008-1448
2008-08-13 00:41:00
cvelist
cvelist
CVE-2010-0555
2010-02-04 20:00:00
CVE-2010-0255
2010-02-04 19:00:00
CVE-2008-1448
2008-08-13 00:00:00
prion
prion
Design/Logic Flaw
2010-02-04 20:15:00
Design/Logic Flaw
2010-02-04 20:15:00
Information disclosure
2008-08-13 00:41:00
cve
cve
CVE-2010-0255
2010-02-04 20:15:49
CVE-2008-1448
2008-08-13 00:41:00
CVE-2009-1140
2009-06-10 18:30:00
coresecurity
coresecurity
Internet Explorer Zone Elevation Restrictions Bypass and Security Zone Restrictions Bypass
2008-08-13 00:00:00
Internet Explorer Security Zone restrictions bypass
2009-06-09 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Windows MHTML URL Parsing Information Disclosure (MS08-048; CVE-2008-1448)
2008-08-12 00:00:00
Internet Explorer History Index Script Injection (MS09-019; CVE-2009-1140)
2009-06-09 00:00:00
openvas
openvas
Security Update for Outlook Express (951066)
2008-08-19 00:00:00
Security Update for Outlook Express (951066)
2008-08-19 00:00:00
Cumulative Security Update for Internet Explorer (969897)
2009-06-10 00:00:00
securityvulns
securityvulns
Microsoft Security Bulletin MS08-048 - Important Security Update for Outlook Express and Windows Mail (951066)
2008-08-12 00:00:00
CORE-2008-0103: Internet Explorer Zone Elevation Restrictions Bypass and Security Zone Restrictions Bypass
2008-08-14 00:00:00
CORE-2008-0826 - Internet Explorer Security Zone restrictions bypass
2009-06-11 00:00:00
seebug
seebug
Microsoft IE MHTML协议处理器跨域信息泄露漏洞(MS08-048)
2008-08-15 00:00:00
Microsoft IE缓存内容跨域信息泄露漏洞(MS09-019)
2009-06-11 00:00:00
nessus
nessus
MS08-048: Security Update for Outlook Express and Windows Mail (951066)
2008-08-13 00:00:00
MS09-019: Cumulative Security Update for Internet Explorer (969897)
2009-06-10 00:00:00
symantec
symantec
Microsoft Internet Explorer Cached Content Cross Domain Information Disclosure Vulnerability
2009-06-09 00:00:00
packetstorm
packetstorm
Core Security Technologies Advisory 2008.0826
2009-06-10 00:00:00

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

6.2 Medium

AI Score

Confidence

Low

0.926 High

EPSS

Percentile

99.0%

JSON
Related for CVE-2010-0555
nvd4cvelist4prion4cve3coresecurity2checkpoint_advisories2openvas5securityvulns6seebug2nessus2symantec1packetstorm1