CVE-2010-0491
🔴 Łataj teraz
Wykorzystanie po zwolnieniu pamięci w Internet Explorerze pozwala na zdalne wykonanie kodu.
CVSS
9.3
EPSS
62.4%
Exploit
none
Vendor
microsoft
Opis źródłowy (NVD)
Use-after-free vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, and 6 SP1 allows remote attackers to execute arbitrary code by changing unspecified properties of an HTML object that has an onreadystatechange event handler, aka "HTML Object Memory Corruption Vulnerability."
brak
Brak patcha
Źródła i daty
| Źródło | Wartość |
|---|---|
| NVD – CVSS | 9.3 |
| CISA KEV (aktywnie wykorzystywane) | Nie |
| FIRST EPSS (prawdopodobieństwo exploita) | 62.4% |
| Opublikowano (NVD) | 2010-03-31 19:30:00 UTC |
| Ostatnia modyfikacja (NVD) | 2026-04-29 01:13:23 UTC |
Referencje
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=864 (secure@microsoft.com)
- http://securitytracker.com/id?1023773 (secure@microsoft.com)
- http://www.securityfocus.com/bid/39027 (secure@microsoft.com) [Patch]
- http://www.us-cert.gov/cas/techalerts/TA10-068A.html (secure@microsoft.com) [US Government Resource]
- http://www.us-cert.gov/cas/techalerts/TA10-089A.html (secure@microsoft.com) [US Government Resource]
- http://www.vupen.com/english/advisories/2010/0744 (secure@microsoft.com) [Patch, Vendor Advisory]
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-018 (secure@microsoft.com)
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8421 (secure@microsoft.com)