Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:18980
HistoryJan 22, 2010 - 12:00 a.m.

Microsoft IE表格布局重用远程代码执行漏洞(MS10-002)

2010-01-2200:00:00
Root
www.seebug.org
17

EPSS

0.934

Percentile

99.2%

JSON

BUGTRAQ ID: 37892
CVE ID: CVE-2010-0245

Internet Explorer是Windows操作系统中默认捆绑的web浏览器。

在表格容器中使用特定的元素时,如果删除了其中一个元素,IE就会错误的从布局树中解除对该元素的链接。之后在遍历这个树的时候,IE会重新使用已经释放的对象。

攻击者可以通过构建特制的网页来利用该漏洞,当用户查看网页时,该漏洞可能允许远程执行代码。

Microsoft Internet Explorer 8.0
临时解决方法:

  • 将Internet Explorer配置为在Internet和本地Intranet安全区域中运行ActiveX控件和活动脚本之前进行提示。
  • 将Internet 和本地Intranet安全区域设置设为“高”,以便在这些区域中运行ActiveX控件和活动脚本之前进行提示。

厂商补丁:

Microsoft

Microsoft已经为此发布了一个安全公告(MS10-002)以及相应补丁:
MS10-002:Cumulative Security Update for Internet Explorer (978207)
链接:http://www.microsoft.com/technet/security/bulletin/ms10-002.mspx?pf=true

Related

seebug 1
securityvulns 3
zdi 1
checkpoint_advisories 2
cve 3
prion 3
cvelist 3
nvd 3
openvas 2
nessus 1
mskb 1
seebug
seebug
Microsoft IE基线标签渲染远程代码执行漏洞(MS10-002)
2010-01-22 00:00:00
securityvulns
securityvulns
ZDI-10-013: Microsoft Internet Explorer Table Layout Reuse Remote Code Execution Vulnerability
2010-01-22 00:00:00
Microsoft Internet Explorer Multiple security vulnerabilities
2010-01-23 00:00:00
Microsoft Security Bulletin MS10-002 - Critical Cumulative Security Update for Internet Explorer (978207)
2010-01-22 00:00:00
zdi
zdi
Microsoft Internet Explorer Table Layout Reuse Remote Code Execution Vulnerability
2010-01-21 00:00:00
checkpoint_advisories
checkpoint_advisories
Preemptive Protection against Microsoft Internet Explorer Uninitialized Memory Corruption Vulnerabilities (MS10-002)
2010-01-21 00:00:00
Internet Explorer 8 Overlap Components Memory Corruption (MS09-072; CVE-2009-3671; CVE-2010-0245; CVE-2010-0246)
2009-12-08 00:00:00
cve
cve
CVE-2010-0245
2010-01-22 22:00:00
CVE-2010-0246
2010-01-22 22:00:00
CVE-2010-2559
2010-08-11 18:47:50
prion
prion
Memory corruption
2010-01-22 22:00:00
Memory corruption
2010-01-22 22:00:00
Memory corruption
2010-08-11 18:47:00
cvelist
cvelist
CVE-2010-0245
2010-01-22 21:20:00
CVE-2010-0246
2010-01-22 21:20:00
CVE-2010-2559
2010-08-11 18:00:00
nvd
nvd
CVE-2010-0246
2010-01-22 22:00:00
CVE-2010-0245
2010-01-22 22:00:00
CVE-2010-2559
2010-08-11 18:47:50
openvas
openvas
Microsoft Internet Explorer Multiple Vulnerabilities (978207)
2010-01-22 00:00:00
Microsoft Internet Explorer Multiple Vulnerabilities (978207)
2010-01-22 00:00:00
nessus
nessus
MS10-002: Cumulative Security Update for Internet Explorer (978207)
2009-01-21 00:00:00
mskb
mskb
MS10-002: Cumulative security update for Internet Explorer
2014-06-23 07:27:25

EPSS

0.934

Percentile

99.2%

JSON
Related for SSV:18980
seebug1securityvulns3zdi1checkpoint_advisories2cve3prion3cvelist3nvd3openvas2nessus1mskb1