9.3

CVE-2010-0491

Use-after-free vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, and 6 SP1 allows remote attackers to execute arbitrary code by changing unspecified properties of an HTML object that has an onreadystatechange event handler, aka "HTML Object Memory Corruption Vulnerability."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftWindows 2003 Server Updatesp2 Editionitanium
MicrosoftWindows Xp Updatesp2
MicrosoftWindows Xp Updatesp3
MicrosoftWindows Xp Version- Updatesp2 Editionx64
MicrosoftInternet Explorer Version5.01 Updatesp4
MicrosoftInternet Explorer Version6 Updatesp1
MicrosoftWindows 2000 Updatesp4
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 29.28% 0.979
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.us-cert.gov/cas/techalerts/TA10-068A.html
US Government Resource
http://www.us-cert.gov/cas/techalerts/TA10-089A.html
US Government Resource
http://www.vupen.com/english/advisories/2010/0744
Patch
Vendor Advisory
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-018
http://securitytracker.com/id?1023773
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=864
http://www.securityfocus.com/bid/39027
Patch
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8421