9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.973 High
EPSS
Percentile
99.8%
Added: 01/20/2010
CVE: CVE-2010-0249
BID: 37815
OSVDB: 61697
Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems.
A vulnerability in the Eventparam function can cause Internet Explorer’s HTML engine to access memory that has already been freed, allowing command execution when a user loads a specially crafted page.
See Microsoft Security Advisory 979352 for fix information.
<http://www.kb.cert.org/vuls/id/492515>
Exploit works on Windows XP and requires a user to load the exploit page in Internet Explorer 6.
Windows XP