SAINT Corporation
SAINT:0F996401D0A39D0E0906452C6F2E72C0
Jan 20, 2010 - 12:00 a.m.

Internet Explorer Eventparam use-after-free vulnerability

download.saintcorporation.com

CVSS3: 8.8 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS2: 9.3 High

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS: 0.967 High
Percentile: 99.6%

Added: 01/20/2010
CVE: CVE-2010-0249
BID: 37815
OSVDB: 61697

Background

Internet Explorer is an HTML web browser that ships by default with Microsoft operating systems.

Problem

A vulnerability in the Eventparam function can cause Internet Explorer’s HTML engine to access memory that has already been freed, allowing command execution when a user loads a specially crafted page.

Resolution

See Microsoft Security Advisory 979352 for fix information.

References

<http://www.kb.cert.org/vuls/id/492515>

Limitations

Exploit works on Windows XP and requires a user to load the exploit page in Internet Explorer 6.

Platforms

Windows XP
