Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:02570F86C1F7669CA0CB742DD65AA283
HistoryJan 20, 2010 - 12:00 a.m.

Internet Explorer Eventparam use-after-free vulnerability

2010-01-2000:00:00
SAINT Corporation
download.saintcorporation.com
13

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.973 High

EPSS

Percentile

99.8%

JSON

Added: 01/20/2010
CVE: CVE-2010-0249
BID: 37815
OSVDB: 61697

Background

Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems.

Problem

A vulnerability in the Eventparam function can cause Internet Explorer’s HTML engine to access memory that has already been freed, allowing command execution when a user loads a specially crafted page.

Resolution

See Microsoft Security Advisory 979352 for fix information.

References

<http://www.kb.cert.org/vuls/id/492515&gt;

Limitations

Exploit works on Windows XP and requires a user to load the exploit page in Internet Explorer 6.

Platforms

Windows XP

Related

prion 1
securityvulns 3
cert 1
cve 1
checkpoint_advisories 4
packetstorm 4
saint 3
seebug 1
openvas 4
symantec 1
exploitpack 1
canvas 1
exploitdb 1
threatpost 1
mskb 1
nessus 1
prion
prion
Memory corruption
2010-01-15 17:30:00
securityvulns
securityvulns
Code to mitigate IE event zero-day &#40;CVE-2010-0249&#41;
2010-01-19 00:00:00
Microsoft Security Bulletin MS10-002 - Critical Cumulative Security Update for Internet Explorer &#40;978207&#41;
2010-01-22 00:00:00
Microsoft Internet Explorer Multiple security vulnerabilities
2010-01-23 00:00:00
cert
cert
Microsoft Internet Explorer HTML object memory corruption vulnerability
2010-01-14 00:00:00
cve
cve
CVE-2010-0249
2010-01-15 17:30:00
checkpoint_advisories
checkpoint_advisories
Trojan: Aurora.Hydraq (CVE-2010-0249)
2010-01-27 00:00:00
Internet Explorer Invalid Pointer Reference Memory Corruption (CVE-2010-0249)
2010-01-17 00:00:00
Microsoft Internet Explorer HTML Object Memory Corruption Vulnerability Use After Free - Ver2 (CVE-2010-0249)
2014-04-16 00:00:00
packetstorm
packetstorm
Internet Explorer Aurora Exploit
2010-01-17 00:00:00
Internet Explorer 6 Web Server Exploit
2010-01-20 00:00:00
Internet Explorer "Aurora" Memory Corruption
2010-03-11 00:00:00
saint
saint
Internet Explorer Eventparam use-after-free vulnerability
2010-01-20 00:00:00
Internet Explorer Eventparam use-after-free vulnerability
2010-01-20 00:00:00
Internet Explorer Eventparam use-after-free vulnerability
2010-01-20 00:00:00
seebug
seebug
Internet Explorer Aurora Exploit
2010-01-18 00:00:00
openvas
openvas
Microsoft Internet Explorer RCE Vulnerability (979352)
2010-01-20 00:00:00
Microsoft Internet Explorer Remote Code Execution Vulnerability (979352)
2010-01-20 00:00:00
Microsoft Internet Explorer Multiple Vulnerabilities (978207)
2010-01-22 00:00:00
symantec
symantec
Internet Explorer CVE-2010-0249 'srcElement()' Remote Code Execution Vulnerability
2010-01-14 00:00:00
exploitpack
exploitpack
Microsoft Internet Explorer 6 - Aurora Memory Corruption (MS10-002)
2010-01-17 00:00:00
canvas
canvas
Immunity Canvas: AURORA_FLASH
2010-01-15 17:30:00
exploitdb
exploitdb
Microsoft Internet Explorer 6 - &#039;Aurora&#039; Memory Corruption (MS10-002)
2010-01-17 00:00:00
threatpost
threatpost
Microsoft Knew of IE Zero-Day Flaw Since September
2010-01-21 20:40:23
mskb
mskb
MS10-002: Cumulative security update for Internet Explorer
2014-06-23 07:27:25
nessus
nessus
MS10-002: Cumulative Security Update for Internet Explorer (978207)
2009-01-21 00:00:00

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.973 High

EPSS

Percentile

99.8%

JSON
Related for SAINT:02570F86C1F7669CA0CB742DD65AA283
prion1securityvulns3cert1cve1checkpoint_advisories4packetstorm4saint3seebug1openvas4symantec1exploitpack1canvas1exploitdb1threatpost1mskb1nessus1