CVE-2010-1991 - Microsoft Internet Explorer 6.0.2900.2180, 7, and 8.0.7600.16385 executes a mail application in situ

CVE-2010-1991

Summary

Microsoft Internet Explorer 6.0.2900.2180, 7, and 8.0.7600.16385 executes a mail application in situations where an IFRAME element has a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many IFRAME elements.

References

Vulnerable Configurations

cpe:2.3:a:microsoft:internet_explorer:6.0.2900.2180:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:6.0.2900.2180:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:ie:8.0.7600.16385:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:ie:8.0.7600.16385:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 23-07-2021 - 15:05)
Impact:
Exploitability:

CWE

CWE-399

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:P

refmap via4

bugtraq	20100518 DoS vulnerabilities in Firefox, Internet Explorer, Chrome, Opera and other browsers
misc	http://websecurity.com.ua/4206/

Last major update

23-07-2021 - 15:05

Published

20-05-2010 - 17:30

Last modified

23-07-2021 - 15:05