ID CVE-2010-2557
Summary Microsoft Internet Explorer 6 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:x64:*
    cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:x64:*
  • cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*
CVSS
Base: 9.3 (as of 28-02-2022 - 17:27)
Impact:
Exploitability:
CWE CWE-908
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
msbulletin via4
bulletin_id MS10-053
bulletin_url
date 2010-08-10T00:00:00
impact Remote Code Execution
knowledgebase_id 2183461
knowledgebase_url
severity Critical
title Cumulative Security Update for Internet Explorer
oval via4
accepted 2010-09-27T04:00:21.633-04:00
class vulnerability
contributors
name Josh Turpin
organization Symantec Corporation
definition_extensions
  • comment Microsoft Windows XP (x86) SP3 is installed
    oval oval:org.mitre.oval:def:5631
  • comment Microsoft Internet Explorer 6 is installed
    oval oval:org.mitre.oval:def:563
  • comment Microsoft Windows XP x64 Edition SP2 is installed
    oval oval:org.mitre.oval:def:4193
  • comment Microsoft Windows Server 2003 SP2 (x86) is installed
    oval oval:org.mitre.oval:def:1935
  • comment Microsoft Windows Server 2003 SP2 (x64) is installed
    oval oval:org.mitre.oval:def:2161
  • comment Microsoft Windows Server 2003 (ia64) SP2 is installed
    oval oval:org.mitre.oval:def:1442
  • comment Microsoft Internet Explorer 6 is installed
    oval oval:org.mitre.oval:def:563
description Microsoft Internet Explorer 6 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."
family windows
id oval:org.mitre.oval:def:11968
status accepted
submitted 2010-06-08T13:00:00
title Uninitialized Memory Corruption Vulnerability
version 74
refmap via4
cert TA10-222A
Last major update 28-02-2022 - 17:27
Published 11-08-2010 - 18:47
Last modified 28-02-2022 - 17:27
Back to Top