Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:96387A85AFC2E9FC30DAFAFF62E606AF
HistoryDec 16, 2010 - 12:00 a.m.

Internet Explorer HTML+TIME element OuterText memory corruption

2010-12-1600:00:00
SAINT Corporation
download.saintcorporation.com
16

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.939

Percentile

99.2%

JSON

Added: 12/16/2010
CVE: CVE-2010-3346
BID: 45261
OSVDB: 69829

Background

The HTML+TIME component of Internet Explorer adds timing and media synchronization support to HTML pages.

Problem

A memory corruption vulnerability in the HTML+TIME component allows command execution when a user loads a specially crafted web page in Internet Explorer.

Resolution

Apply the update referenced in Microsoft Security Bulletin 10-090.

References

<http://www.zerodayinitiative.com/advisories/ZDI-10-289/&gt;

Limitations

Exploit works on Internet Explorer 7 on Windows XP SP3 with security update KB980182, and requires a user to load the exploit page in Internet Explorer.

Platforms

Windows XP

Related

zdi 1
saint 3
checkpoint_advisories 2
prion 1
nvd 1
cve 1
cvelist 1
symantec 1
openvas 2
nessus 1
mskb 1
securityvulns 1
threatpost 1
zdi
zdi
Microsoft Internet Explorer HTML+Time Element outerText Remote Code Execution Vulnerability
2010-12-14 00:00:00
saint
saint
Internet Explorer HTML+TIME element OuterText memory corruption
2010-12-16 00:00:00
Internet Explorer HTML+TIME element OuterText memory corruption
2010-12-16 00:00:00
Internet Explorer HTML+TIME element OuterText memory corruption
2010-12-16 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Internet Explorer HTML Time Element Memory Corruption (MS10-090) - Ver2 (CVE-2010-3346)
2015-05-18 00:00:00
Microsoft Internet Explorer HTML Time Element Memory Corruption (MS10-090; CVE-2010-3346)
2010-12-14 00:00:00
prion
prion
Memory corruption
2010-12-16 19:33:00
nvd
nvd
CVE-2010-3346
2010-12-16 19:33:02
cve
cve
CVE-2010-3346
2010-12-16 19:33:02
cvelist
cvelist
CVE-2010-3346
2010-12-16 19:00:00
symantec
symantec
Microsoft Internet Explorer Uninitialized HTML Element CVE-2010-3346 Memory Corruption Vulnerability
2010-12-14 00:00:00
openvas
openvas
Microsoft Internet Explorer Multiple Vulnerabilities (2416400)
2010-12-15 00:00:00
Microsoft Internet Explorer Multiple Vulnerabilities (2416400)
2010-12-15 00:00:00
nessus
nessus
MS10-090: Cumulative Security Update for Internet Explorer (2416400)
2010-12-15 00:00:00
mskb
mskb
MS10-090: Cumulative security update for Internet Explorer
2014-06-21 14:33:28
securityvulns
securityvulns
Microsoft Security Bulletin MS10-090 - Critical Cumulative Security Update for Internet Explorer &#40;2416400&#41;
2010-12-15 00:00:00
threatpost
threatpost
ExploitHub Offering Bounties – And Residuals – for Exploits
2011-10-05 13:11:31

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.939

Percentile

99.2%

JSON
Related for SAINT:96387A85AFC2E9FC30DAFAFF62E606AF
zdi1saint3checkpoint_advisories2prion1nvd1cve1cvelist1symantec1openvas2nessus1mskb1securityvulns1threatpost1