Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:1F6E94C86BD21B338BB51896B8E4E841
HistoryDec 16, 2010 - 12:00 a.m.

Internet Explorer HTML+TIME element OuterText memory corruption

2010-12-1600:00:00
SAINT Corporation
download.saintcorporation.com
12

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.956 High

EPSS

Percentile

99.2%

JSON

Added: 12/16/2010
CVE: CVE-2010-3346
BID: 45261
OSVDB: 69829

Background

The HTML+TIME component of Internet Explorer adds timing and media synchronization support to HTML pages.

Problem

A memory corruption vulnerability in the HTML+TIME component allows command execution when a user loads a specially crafted web page in Internet Explorer.

Resolution

Apply the update referenced in Microsoft Security Bulletin 10-090.

References

<http://www.zerodayinitiative.com/advisories/ZDI-10-289/&gt;

Limitations

Exploit works on Internet Explorer 7 on Windows XP SP3 with security update KB980182, and requires a user to load the exploit page in Internet Explorer.

Platforms

Windows XP

Related

checkpoint_advisories 2
prion 1
saint 3
zdi 1
symantec 1
cve 1
securityvulns 1
openvas 2
nessus 1
mskb 1
threatpost 1
checkpoint_advisories
checkpoint_advisories
Microsoft Internet Explorer HTML Time Element Memory Corruption (MS10-090; CVE-2010-3346)
2010-12-14 00:00:00
Microsoft Internet Explorer HTML Time Element Memory Corruption (MS10-090) - Ver2 (CVE-2010-3346)
2015-05-18 00:00:00
prion
prion
Memory corruption
2010-12-16 19:33:00
saint
saint
Internet Explorer HTML+TIME element OuterText memory corruption
2010-12-16 00:00:00
Internet Explorer HTML+TIME element OuterText memory corruption
2010-12-16 00:00:00
Internet Explorer HTML+TIME element OuterText memory corruption
2010-12-16 00:00:00
zdi
zdi
Microsoft Internet Explorer HTML+Time Element outerText Remote Code Execution Vulnerability
2010-12-14 00:00:00
symantec
symantec
Microsoft Internet Explorer Uninitialized HTML Element CVE-2010-3346 Memory Corruption Vulnerability
2010-12-14 00:00:00
cve
cve
CVE-2010-3346
2010-12-16 19:33:00
securityvulns
securityvulns
Microsoft Security Bulletin MS10-090 - Critical Cumulative Security Update for Internet Explorer &#40;2416400&#41;
2010-12-15 00:00:00
openvas
openvas
Microsoft Internet Explorer Multiple Vulnerabilities (2416400)
2010-12-15 00:00:00
Microsoft Internet Explorer Multiple Vulnerabilities (2416400)
2010-12-15 00:00:00
nessus
nessus
MS10-090: Cumulative Security Update for Internet Explorer (2416400)
2010-12-15 00:00:00
mskb
mskb
MS10-090: Cumulative security update for Internet Explorer
2014-06-21 14:33:28
threatpost
threatpost
ExploitHub Offering Bounties – And Residuals – for Exploits
2011-10-05 13:11:31

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.956 High

EPSS

Percentile

99.2%

JSON
Related for SAINT:1F6E94C86BD21B338BB51896B8E4E841
checkpoint_advisories2prion1saint3zdi1symantec1cve1securityvulns1openvas2nessus1mskb1threatpost1