5 matches found
Microsoft Internet Explorer 8.0 CTimeAction对象内存破坏漏洞(MS10-018)
BUGTRAQ ID: 39030 CVE ID: CVE-2010-0492 Internet Explorer是Windows操作系统中默认捆绑的web浏览器。 Internet Explorer的mstime.dll库没有正确的处理CTimeAction对象。在处理TIME2行为期间,攻击者可以诱骗应用破坏标记,导致应用引用之前已被释放的内存。 攻击者可以通过构建特制的网页来利用该漏洞,当用户查看网页时,该漏洞可能允许远程执行代码。成功利用此漏洞的攻击者可以获得与登录用户相同的用户权限。 Microsoft Internet Explorer 8.0 厂商补丁: Microsoft...
Memory corruption
Use-after-free vulnerability in mstime.dll in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via vectors related to the TIME2 behavior, the CTimeAction object, and destruction of markup, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerabilit...
CVE-2010-0492
Microsoft Internet Explorer 8 contains a use-after-free in mstime.dll involving the CTimeAction object during TIME2 handling, causing memory corruption and remote code execution when a user visits a crafted page. The issue affects IE 8 and is officially addressed by Microsoft in MS10-018 (Cumulat...
CVE-2010-0492
Use-after-free vulnerability in mstime.dll in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via vectors related to the TIME2 behavior, the CTimeAction object, and destruction of markup, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerabilit...
CVE-2010-0492
Use-after-free vulnerability in mstime.dll in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via vectors related to the TIME2 behavior, the CTimeAction object, and destruction of markup, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerabilit...