ID |
CVE-2010-2559
|
Summary |
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3671, CVE-2009-3674, CVE-2010-0245, and CVE-2010-0246. |
References |
|
Vulnerable Configurations |
-
cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:*
-
cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*
-
cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:*
-
cpe:2.3:o:microsoft:windows_server_2008:-:-:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:-:-:*:*:*:*:*:*
-
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*
-
cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:*:*
-
cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*
-
cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*
-
cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:x64:*
cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:x64:*
-
cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*
|
CVSS |
Base: | 9.3 (as of 28-02-2022 - 17:31) |
Impact: | |
Exploitability: | |
|
CWE |
CWE-908 |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
NETWORK |
MEDIUM |
NONE |
|
Impact |
Confidentiality | Integrity | Availability |
COMPLETE |
COMPLETE |
COMPLETE |
|
cvss-vector
via4
|
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
msbulletin
via4
|
bulletin_id | MS10-053 | bulletin_url | | date | 2010-08-10T00:00:00 | impact | Remote Code Execution | knowledgebase_id | 2183461 | knowledgebase_url | | severity | Critical | title | Cumulative Security Update for Internet Explorer |
|
oval
via4
|
accepted | 2014-08-18T04:00:14.795-04:00 | class | vulnerability | contributors | name | Josh Turpin | organization | Symantec Corporation |
name | Rachana Shetty | organization | SecPod Technologies |
name | Dragos Prisaca | organization | Symantec Corporation |
name | Maria Mikhno | organization | ALTX-SOFT |
| definition_extensions | comment | Microsoft Windows XP (32-bit) is installed | oval | oval:org.mitre.oval:def:1353 |
comment | Microsoft Windows XP x64 is installed | oval | oval:org.mitre.oval:def:15247 |
comment | Microsoft Windows Server 2003 (32-bit) is installed | oval | oval:org.mitre.oval:def:1870 |
comment | Microsoft Windows Server 2003 (x64) is installed | oval | oval:org.mitre.oval:def:730 |
comment | Microsoft Internet Explorer 8 is installed | oval | oval:org.mitre.oval:def:6210 |
comment | Microsoft Windows Vista (32-bit) is installed | oval | oval:org.mitre.oval:def:1282 |
comment | Microsoft Windows Vista x64 Edition is installed | oval | oval:org.mitre.oval:def:2041 |
comment | Microsoft Windows Server 2008 (32-bit) is installed | oval | oval:org.mitre.oval:def:4870 |
comment | Microsoft Windows Server 2008 (64-bit) is installed | oval | oval:org.mitre.oval:def:5356 |
comment | Microsoft Internet Explorer 8 is installed | oval | oval:org.mitre.oval:def:6210 |
comment | Microsoft Windows 7 (32-bit) is installed | oval | oval:org.mitre.oval:def:6165 |
comment | Microsoft Windows 7 x64 Edition is installed | oval | oval:org.mitre.oval:def:5950 |
comment | Microsoft Windows Server 2008 R2 x64 Edition is installed | oval | oval:org.mitre.oval:def:6438 |
comment | Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed | oval | oval:org.mitre.oval:def:5954 |
comment | Microsoft Internet Explorer 8 is installed | oval | oval:org.mitre.oval:def:6210 |
| description | Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3671, CVE-2009-3674, CVE-2010-0245, and CVE-2010-0246. | family | windows | id | oval:org.mitre.oval:def:11984 | status | accepted | submitted | 2010-06-08T13:00:00 | title | Uninitialized Memory Corruption Vulnerability | version | 81 |
|
refmap
via4
|
|
Last major update |
28-02-2022 - 17:31 |
Published |
11-08-2010 - 18:47 |
Last modified |
28-02-2022 - 17:31 |