CVE-2010-2557

EPSS 52.82%
Veröffentlicht 11.08.2010 18:47:50
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle secure@microsoft.com
Teams Watchlist Login
Unerledigt Login

Microsoft Internet Explorer 6 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Microsoft ≫ Internet Explorer Version6

   Microsoft ≫ Windows Server 2003 Version- Updatesp2
   Microsoft ≫ Windows Xp Version- Updatesp2 SwEditionprofessional HwPlatformx64
   Microsoft ≫ Windows Xp Version- Updatesp3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	52.82%	0.979

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

CWE-908 Use of Uninitialized Resource

The product uses or accesses a resource that has not been initialized.

http://www.us-cert.gov/cas/techalerts/TA10-222A.html

Third Party Advisory

US Government Resource

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-053

Patch

Vendor Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11968

Tool Signature

https://nvd.nist.gov/vuln/detail/CVE-2010-2557

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2010-2557

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2010-2557

EUVD