5

CVE-2010-1127

Exploit

EPSS 26.55%
Published 26.03.2010 20:30:00
Last modified 11.04.2025 00:51:21
Source cve@mitre.org
Teams watchlist Login
Open Login

Microsoft Internet Explorer 6 and 7 does not initialize certain data structures during execution of the createElement method, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted JavaScript code, as demonstrated by setting the (1) outerHTML or (2) value property of an object returned by createElement.

Affected products Warnungen 0 Metrics 2 CWE 0 References 6

Data is provided by the National Vulnerability Database (NVD)

Microsoft ≫ Internet Explorer Version6.0

Microsoft ≫ Internet Explorer Version6.00.2462.0000

Microsoft ≫ Internet Explorer Version6.00.2479.0006

Microsoft ≫ Internet Explorer Version6.0.2600

Microsoft ≫ Internet Explorer Version6.00.2600.0000

Microsoft ≫ Internet Explorer Version6.0.2800

Microsoft ≫ Internet Explorer Version6.0.2800.1106

Microsoft ≫ Internet Explorer Version6.00.2800.1106

Microsoft ≫ Internet Explorer Version6.0.2900

Microsoft ≫ Internet Explorer Version6.0.2900.2180

Microsoft ≫ Internet Explorer Version6.00.2900.2180

Microsoft ≫ Internet Explorer Version6.00.3663.0000

Microsoft ≫ Internet Explorer Version6.00.3718.0000

Microsoft ≫ Internet Explorer Version6.00.3790.0000

Microsoft ≫ Internet Explorer Version6.00.3790.1830

Microsoft ≫ Internet Explorer Version6.00.3790.3959

Microsoft ≫ Internet Explorer Version7.0

Microsoft ≫ Internet Explorer Version7.0 Updatebeta

Microsoft ≫ Internet Explorer Version7.0 Updatebeta1

Microsoft ≫ Internet Explorer Version7.0 Updatebeta2

Microsoft ≫ Internet Explorer Version7.0 Updatebeta3

Microsoft ≫ Internet Explorer Version7.0.5730 Updateunknown Editiongold

Microsoft ≫ Internet Explorer Version7.0.5730.11

Microsoft ≫ Internet Explorer Version7.00.5730.1100

Microsoft ≫ Internet Explorer Version7.00.6000.16386

Microsoft ≫ Internet Explorer Version7.00.6000.16441

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	26.55%	0.958

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

http://archives.neohapsis.com/archives/bugtraq/2010-01/0237.html

Exploit

http://archives.neohapsis.com/archives/bugtraq/2010-01/0278.html

http://securityreason.com/exploitalert/7731

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2010-1127

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2010-1127

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2010-1127

EUVD