CVE-2010-0492

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 31-03-2010 09:30

Last modified: - 14-11-2022 06:02

Total changes: - 2

Description

Use-after-free vulnerability in mstime.dll in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via vectors related to the TIME2 behavior, the CTimeAction object, and destruction of markup, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerability."

Common Vulnerability Scoring System (CVSS)

AV:N/AC:M/Au:N/C:C/I:C/A:C

Low

Attack complexity

Network

Attack vector

High

Availability

High

Confidentiality

High

Integrity

Privileges required

Scope

User interaction

9.3

Base score

8.6

10.0

Exploitability score

Impact score

Verification logic

Reference

ADV-2010-0744-Patch, Vendor Advisory
39030-Patch
1023773-
TA10-068A-US Government Resource
http://www.zerodayinitiative.com/advisories/ZDI-10-033
TA10-089A-US Government Resource
oval:org.mitre.oval:def:7722-
20100402 ZDI-10-033: Microsoft Internet Explorer TIME2 Behavior Remote Code Execution Vulnerability-
MS10-018-

Keywords

CVE-2010-0492

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2010-0492

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures