CVE-2010-2559

Опубликовано: 11 авг. 2010

Источник: nvd

CVSS2: 9.3

EPSS Средний

Описание

Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3671, CVE-2009-3674, CVE-2010-0245, and CVE-2010-0246.

Ссылки

http://www.us-cert.gov/cas/techalerts/TA10-222A.html
Third Party Advisory
US Government Resource
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-053
Patch
Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11984
Tool Signature
http://www.us-cert.gov/cas/techalerts/TA10-222A.html
Third Party Advisory
US Government Resource
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-053
Patch
Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11984
Tool Signature

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:*

Одно из

cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2008:-:-:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:x64:*

cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*

EPSS

Процентиль: 98%

0.52821

Средний

9.3 Critical

CVSS2

Дефекты

CWE-908

Связанные уязвимости

GHSA-mqh3-jqp8-83fg

github

больше 3 лет назад