CVE-2010-3345

Опубликовано: 16 дек. 2010

Источник: nvd

CVSS2: 9.3

EPSS Средний

Описание

Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Element Memory Corruption Vulnerability."

Ссылки

http://www.securitytracker.com/id?1024872
Broken Link
Third Party Advisory
VDB Entry
http://www.us-cert.gov/cas/techalerts/TA10-348A.html
Third Party Advisory
US Government Resource
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-090
Patch
Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11849
Tool Signature
http://www.securitytracker.com/id?1024872
Broken Link
Third Party Advisory
VDB Entry
http://www.us-cert.gov/cas/techalerts/TA10-348A.html
Third Party Advisory
US Government Resource
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-090
Patch
Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11849
Tool Signature

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:*

Одно из

cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2008:-:-:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:x64:*

cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*

EPSS

Процентиль: 98%

0.58392

Средний

9.3 Critical

CVSS2

Дефекты

CWE-908

Связанные уязвимости

GHSA-x97p-4v8c-ghr2

github

больше 3 лет назад