CVE-2010-0492

CVSS 8.1 HIGHEPSS 27.5%CWE-94

Vexday Risk Score

26Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 8.1EPSS 27.5%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Lifecycle

31 Mar 2010Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

Use-after-free vulnerability in mstime.dll in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via vectors related to the TIME2 behavior, the CTimeAction object, and destruction of markup, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerability."

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-018 http://securitytracker.com/id?1023773 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7722 http://www.securityfocus.com/archive/1/510506/100/0/threaded http://www.securityfocus.com/bid/39030 http://www.us-cert.gov/cas/techalerts/TA10-068A.html http://www.us-cert.gov/cas/techalerts/TA10-089A.html http://www.vupen.com/english/advisories/2010/0744 http://www.zerodayinitiative.com/advisories/ZDI-10-033