CVE-2010-0492

high

Description

Use-after-free vulnerability in mstime.dll in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via vectors related to the TIME2 behavior, the CTimeAction object, and destruction of markup, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerability."

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7722

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-018

http://www.zerodayinitiative.com/advisories/ZDI-10-033

http://www.vupen.com/english/advisories/2010/0744

http://www.us-cert.gov/cas/techalerts/TA10-089A.html

http://www.us-cert.gov/cas/techalerts/TA10-068A.html

http://www.securityfocus.com/bid/39030

http://www.securityfocus.com/archive/1/510506/100/0/threaded

http://securitytracker.com/id?1023773

Details

Source: Mitre, NVD

Published: 2010-03-31

Updated: 2024-10-21

Risk Information

CVSS v2

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 8.1

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: High