Lucene search

[email protected]NVD:CVE-2010-0249

HistoryJan 15, 2010 - 5:30 p.m.

CVE-2010-0249

2010-01-1517:30:00

CWE-416

[email protected]

web.nvd.nist.gov

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.958

Percentile

99.5%

JSON

Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 on Windows 2000 SP4; Windows XP SP2 and SP3; Windows Server 2003 SP2; Windows Vista Gold, SP1, and SP2; Windows Server 2008 Gold, SP2, and R2; and Windows 7 allows remote attackers to execute arbitrary code by accessing a pointer associated with a deleted object, related to incorrectly initialized memory and improper handling of objects in memory, as exploited in the wild in December 2009 and January 2010 during Operation Aurora, aka “HTML Object Memory Corruption Vulnerability.”

Affected configurations

Nvd

Node

microsoftinternet_explorerMatch5.0.1sp4

microsoftinternet_explorerMatch6sp1

AND

microsoftwindows_2000Match-sp4

Node

microsoftinternet_explorerMatch6-

AND

microsoftwindows_server_2003Match-sp2itanium

microsoftwindows_server_2003Match-sp2x64

microsoftwindows_xpMatch-sp2

microsoftwindows_xpMatch-sp2professionalx64

microsoftwindows_xpMatch-sp3

Node

microsoftinternet_explorerMatch7.0

AND

microsoftwindows_server_2003Match-sp2itanium

microsoftwindows_server_2003Match-sp2x64

microsoftwindows_server_2008Match-

microsoftwindows_server_2008Match-sp2

microsoftwindows_vistaMatch--x64

microsoftwindows_vistaMatch-sp1-x64

microsoftwindows_vistaMatch-sp2-x64

microsoftwindows_xpMatch-sp2

microsoftwindows_xpMatch-sp2professionalx64

microsoftwindows_xpMatch-sp3

Node

microsoftinternet_explorerMatch8

AND

microsoftwindows_7Match-

microsoftwindows_server_2003Match-sp2x64

microsoftwindows_server_2008Match-

microsoftwindows_server_2008Match-sp2

microsoftwindows_server_2008Matchr2itanium

microsoftwindows_server_2008Matchr2x64

microsoftwindows_vistaMatch--x64

microsoftwindows_vistaMatch-sp1-x64

microsoftwindows_vistaMatch-sp2-x64

microsoftwindows_xpMatch-sp2

microsoftwindows_xpMatch-sp2professionalx64

microsoftwindows_xpMatch-sp3

References

blogs.technet.com/msrc/archive/2010/01/14/security-advisory-979352.aspx

news.cnet.com/8301-27080_3-10435232-245.html

osvdb.org/61697

securitytracker.com/id?1023462

support.microsoft.com/kb/979352

www.exploit-db.com/exploits/11167

www.kb.cert.org/vuls/id/492515

www.microsoft.com/technet/security/advisory/979352.mspx

www.securityfocus.com/bid/37815

www.us-cert.gov/cas/techalerts/TA10-055A.html

www.vupen.com/english/advisories/2010/0135

docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-002

exchange.xforce.ibmcloud.com/vulnerabilities/55642

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6835

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.958

Percentile

99.5%

JSON

Related for NVD:CVE-2010-0249

prion1 cert1 cve1 securityvulns3 saint4 checkpoint_advisories4 packetstorm4 canvas1 exploitpack1 metasploit1 symantec1 openvas4 cvelist1 seebug1 exploitdb2 threatpost1 mskb1 nessus1