Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:36B35A2AF6C0774BFBE7D60C77761A6D
HistoryJan 20, 2010 - 12:00 a.m.

Internet Explorer Eventparam use-after-free vulnerability

2010-01-2000:00:00
SAINT Corporation
my.saintcorporation.com
24

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.964

Percentile

99.6%

JSON

Added: 01/20/2010
CVE: CVE-2010-0249
BID: 37815
OSVDB: 61697

Background

Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems.

Problem

A vulnerability in the Eventparam function can cause Internet Explorer’s HTML engine to access memory that has already been freed, allowing command execution when a user loads a specially crafted page.

Resolution

See Microsoft Security Advisory 979352 for fix information.

References

<http://www.kb.cert.org/vuls/id/492515&gt;

Limitations

Exploit works on Windows XP and requires a user to load the exploit page in Internet Explorer 6.

Platforms

Windows XP

Related

prion 1
securityvulns 3
cve 1
cert 1
saint 3
checkpoint_advisories 4
packetstorm 4
openvas 4
canvas 1
exploitpack 1
nvd 1
symantec 1
cvelist 1
seebug 1
exploitdb 1
threatpost 1
mskb 1
nessus 1
prion
prion
Memory corruption
2010-01-15 17:30:00
securityvulns
securityvulns
Code to mitigate IE event zero-day &#40;CVE-2010-0249&#41;
2010-01-19 00:00:00
Microsoft Internet Explorer Multiple security vulnerabilities
2010-01-23 00:00:00
Microsoft Security Bulletin MS10-002 - Critical Cumulative Security Update for Internet Explorer &#40;978207&#41;
2010-01-22 00:00:00
cve
cve
CVE-2010-0249
2010-01-15 17:30:00
cert
cert
Microsoft Internet Explorer HTML object memory corruption vulnerability
2010-01-14 00:00:00
saint
saint
Internet Explorer Eventparam use-after-free vulnerability
2010-01-20 00:00:00
Internet Explorer Eventparam use-after-free vulnerability
2010-01-20 00:00:00
Internet Explorer Eventparam use-after-free vulnerability
2010-01-20 00:00:00
checkpoint_advisories
checkpoint_advisories
Internet Explorer Invalid Pointer Reference Memory Corruption (CVE-2010-0249)
2010-01-17 00:00:00
Trojan: Aurora.Hydraq (CVE-2010-0249)
2010-01-27 00:00:00
Preemptive Protection against Microsoft Internet Explorer Invalid Pointer Reference Remote Code Execution Vulnerability (MS10-002)
2010-01-17 00:00:00
packetstorm
packetstorm
Internet Explorer Aurora Exploit
2010-01-17 00:00:00
Microsoft Internet Explorer "Aurora" Memory Corruption
2010-01-18 00:00:00
Internet Explorer "Aurora" Memory Corruption
2010-03-11 00:00:00
openvas
openvas
Microsoft Internet Explorer Remote Code Execution Vulnerability (979352)
2010-01-20 00:00:00
Microsoft Internet Explorer RCE Vulnerability (979352)
2010-01-20 00:00:00
Microsoft Internet Explorer Multiple Vulnerabilities (978207)
2010-01-22 00:00:00
canvas
canvas
Immunity Canvas: AURORA_FLASH
2010-01-15 17:30:00
exploitpack
exploitpack
Microsoft Internet Explorer 6 - Aurora Memory Corruption (MS10-002)
2010-01-17 00:00:00
nvd
nvd
CVE-2010-0249
2010-01-15 17:30:00
symantec
symantec
Internet Explorer CVE-2010-0249 'srcElement()' Remote Code Execution Vulnerability
2010-01-14 00:00:00
cvelist
cvelist
CVE-2010-0249
2010-01-15 17:00:00
seebug
seebug
Internet Explorer Aurora Exploit
2010-01-18 00:00:00
exploitdb
exploitdb
Microsoft Internet Explorer 6 - &#039;Aurora&#039; Memory Corruption (MS10-002)
2010-01-17 00:00:00
threatpost
threatpost
Microsoft Knew of IE Zero-Day Flaw Since September
2010-01-21 20:40:23
mskb
mskb
MS10-002: Cumulative security update for Internet Explorer
2014-06-23 07:27:25
nessus
nessus
MS10-002: Cumulative Security Update for Internet Explorer (978207)
2009-01-21 00:00:00

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.964

Percentile

99.6%

JSON
Related for SAINT:36B35A2AF6C0774BFBE7D60C77761A6D
prion1securityvulns3cve1cert1saint3checkpoint_advisories4packetstorm4openvas4canvas1exploitpack1nvd1symantec1cvelist1seebug1exploitdb1threatpost1mskb1nessus1