CVE-2010-0490

🔴 Łataj teraz

Błąd w Microsoft Internet Explorer umożliwia zdalne wykonanie kodu przez uszkodzenie pamięci.

CVSS

9.3

EPSS

62.1%

Exploit

none

Vendor

microsoft

Opis źródłowy (NVD)

Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."

brak Brak patcha

Źródła i daty

Źródło	Wartość
NVD – CVSS	9.3
CISA KEV (aktywnie wykorzystywane)	Nie
FIRST EPSS (prawdopodobieństwo exploita)	62.1%
Opublikowano (NVD)	2010-03-31 19:30:00 UTC
Ostatnia modyfikacja (NVD)	2026-04-29 01:13:23 UTC

Referencje

http://securitytracker.com/id?1023773 (secure@microsoft.com)
http://www.securityfocus.com/bid/39031 (secure@microsoft.com) [Patch]
http://www.us-cert.gov/cas/techalerts/TA10-068A.html (secure@microsoft.com) [US Government Resource]
http://www.us-cert.gov/cas/techalerts/TA10-089A.html (secure@microsoft.com) [US Government Resource]
http://www.vupen.com/english/advisories/2010/0744 (secure@microsoft.com) [Patch, Vendor Advisory]
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-018 (secure@microsoft.com)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8302 (secure@microsoft.com)