Lucene search
Stephen Fewer of Harmony Security (www.harmonysecurity.com)ZDI-10-288HistoryDec 14, 2010 - 12:00 a.m.
Microsoft Internet Explorer Recursive Select Element Remote Code Execution Vulnerability
2010-12-1400:00:00
Stephen Fewer of Harmony Security (www.harmonysecurity.com)
www.zerodayinitiative.com
17
EPSS
0.939
Percentile
99.2%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the application’s support for the select tag. Upon adding a particular element to the select tag, the application will free the contents of the select element and then use it. Successful exploitation can lead to code execution under the context of the application.
Related
cve
cve
CVE-2010-3345
2010-12-16 19:33:02
checkpoint_advisories
checkpoint_advisories
Internet Explorer 8 HTML Element Memory Corruption (MS10-090; CVE-2010-3345)
2010-12-14 00:00:00
prion
prion
Memory corruption
2010-12-16 19:33:00
cvelist
cvelist
CVE-2010-3345
2010-12-16 19:00:00
nvd
nvd
CVE-2010-3345
2010-12-16 19:33:02
securityvulns
securityvulns
openvas
openvas
Microsoft Internet Explorer Multiple Vulnerabilities (2416400)
2010-12-15 00:00:00
Microsoft Internet Explorer Multiple Vulnerabilities (2416400)
2010-12-15 00:00:00
nessus
nessus
MS10-090: Cumulative Security Update for Internet Explorer (2416400)
2010-12-15 00:00:00
mskb
mskb
MS10-090: Cumulative security update for Internet Explorer
2014-06-21 14:33:28