Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:24886
HistoryOct 13, 2010 - 12:00 a.m.

Internet Explorer Uninitialized Memory Corruption Vulnerability - CVE-2010-3331

2010-10-1300:00:00
vulners.com
18
JSON

Dear List,

I'm writing on behalf of the Check Point Vulnerability Discovery Team to publish the following vulnerability.

Check Point Software Technologies - Vulnerability Discovery Team (VDT)
http://www.checkpoint.com/defense/

Internet Explorer Uninitialized Memory Corruption Vulnerability
CVE-2010-3331 - MS10-071

INTRODUCTION

There exists a vulnerability within the way internet explorer handles specific objects that has not been correctly initialized or
has been deleted, which leads to uninitialized memory reference and code execution.

This vulnerability can be triggered thru different vectors, been Microsoft Word one of the tested ones.

This problem was confirmed in the following versions of Internet Explorer and Windows, other versions
maybe also affected.

Internet Explorer 6 running in All Versions of Windows
Internet Explorer 7 running in All Versions of Windows
Internet Explorer 8 running in All Versions of Windows

MICROSOFT EXPLOTABILITY INDEX

In order to help the Microsoft Response Team we did further analysis on the vulnerability and we classify it as: 1 consistent exploit code likely.

Important to note again that since the faulty code also appears inside the mshtml.dll other applications may behave differently when triggering the problem (even
more when
talking about 3rd parties).

CVSS Scoring System

The CVSS score is: 8.3
Base Score: 10
Temporal Score: 8.3
We used the following values to calculate the scores:
Base score is: AV:N/AC:L/Au:N/C:C/I:C/A:C
Temporal score is: E:F/RL:OF/RC:C

TRIGGERING THE PROBLEM

This vulnerability can be triggered by creating a persistent object with class id:
CLSID:AE24FDAE-03C6-11D1-8B76-0080C744F389.

The problem is triggered by the an exploit code available to interested party which causes invalid memory access in
all the referred versions.

CREDITS

This vulnerability was discovered and researched by Rodrigo Rubira Branco from Check Point Vulnerability Discovery Team (VDT).

Best Regards,

Rodrigo.


Rodrigo Rubira Branco
Senior Security Researcher
Vulnerability Discovery Team (VDT)
Check Point Software Technologies

Related

symantec 1
checkpoint_advisories 2
prion 1
cve 1
seebug 1
openvas 2
securityvulns 2
nessus 1
symantec
symantec
Microsoft Internet Explorer Uninitialized Memory CVE-2010-3331 Remote Code Execution Vulnerability
2010-10-12 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Internet Explorer MSHTML Uninitialized Memory Corruption (MS10-071) - Ver2 (CVE-2010-3331)
2015-05-18 00:00:00
Microsoft Internet Explorer MSHTML Uninitialized Memory Corruption (MS10-071; CVE-2010-3331)
2010-10-12 00:00:00
prion
prion
Memory corruption
2010-10-13 19:00:00
cve
cve
CVE-2010-3331
2010-10-13 19:00:00
seebug
seebug
Microsoft IE多个未初始化内存远程代码执行漏洞(MS10-071)
2010-10-15 00:00:00
openvas
openvas
Microsoft Internet Explorer Multiple Vulnerabilities (2360131)
2010-10-13 00:00:00
Microsoft Internet Explorer Multiple Vulnerabilities (2360131)
2010-10-13 00:00:00
securityvulns
securityvulns
Microsoft Internet Explorer multiple security vulnerabilities
2010-10-13 00:00:00
Microsoft Security Bulletin MS10-071 - Critical Cumulative Security Update for Internet Explorer (2360131)
2010-10-13 00:00:00
nessus
nessus
MS10-071: Cumulative Security Update for Internet Explorer (2360131)
2010-10-13 00:00:00
JSON
Related for SECURITYVULNS:DOC:24886
symantec1checkpoint_advisories2prion1cve1seebug1openvas2securityvulns2nessus1