Описание
Use-after-free vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, and 6 SP1 allows remote attackers to execute arbitrary code by changing unspecified properties of an HTML object that has an onreadystatechange event handler, aka "HTML Object Memory Corruption Vulnerability."
Ссылки
- Patch
- US Government Resource
- US Government Resource
- PatchVendor Advisory
- Patch
- US Government Resource
- US Government Resource
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*
Одно из
cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*
Конфигурация 2
Одновременно
Одно из
cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
EPSS
Процентиль: 98%
0.62433
Средний
9.3 Critical
CVSS2
Дефекты
CWE-399
Связанные уязвимости
github
почти 4 года назад
Use-after-free vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, and 6 SP1 allows remote attackers to execute arbitrary code by changing unspecified properties of an HTML object that has an onreadystatechange event handler, aka "HTML Object Memory Corruption Vulnerability."
EPSS
Процентиль: 98%
0.62433
Средний
9.3 Critical
CVSS2
Дефекты
CWE-399