| ID |
CVE-2010-3343
|
| Summary |
Microsoft Internet Explorer 6 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerability." |
| References |
|
| Vulnerable Configurations |
-
cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*
-
cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:*
-
cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:x64:*
cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:x64:*
-
cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*
|
| CVSS |
| Base: | 9.3 (as of 28-02-2022 - 19:20) |
| Impact: | |
| Exploitability: | |
|
| CWE |
CWE-908 |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
MEDIUM |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| COMPLETE |
COMPLETE |
COMPLETE |
|
| cvss-vector
via4
|
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
| msbulletin
via4
|
| bulletin_id | MS10-090 | | bulletin_url | | | date | 2010-12-14T00:00:00 | | impact | Remote Code Execution | | knowledgebase_id | 2416400 | | knowledgebase_url | | | severity | Critical | | title | Cumulative Security Update for Internet Explorer |
|
| oval
via4
|
| accepted | 2011-01-24T04:00:29.282-05:00 | | class | vulnerability | | contributors | | name | Josh Turpin | | organization | Symantec Corporation |
| | definition_extensions | | comment | Microsoft Windows XP (x86) SP3 is installed | | oval | oval:org.mitre.oval:def:5631 |
| comment | Microsoft Internet Explorer 6 is installed | | oval | oval:org.mitre.oval:def:563 |
| comment | Microsoft Windows XP x64 Edition SP2 is installed | | oval | oval:org.mitre.oval:def:4193 |
| comment | Microsoft Windows Server 2003 SP2 (x86) is installed | | oval | oval:org.mitre.oval:def:1935 |
| comment | Microsoft Windows Server 2003 SP2 (x64) is installed | | oval | oval:org.mitre.oval:def:2161 |
| comment | Microsoft Windows Server 2003 (ia64) SP2 is installed | | oval | oval:org.mitre.oval:def:1442 |
| comment | Microsoft Internet Explorer 6 is installed | | oval | oval:org.mitre.oval:def:563 |
| | description | Microsoft Internet Explorer 6 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerability." | | family | windows | | id | oval:org.mitre.oval:def:12372 | | status | accepted | | submitted | 2010-10-12T13:00:00 | | title | HTML Object Memory Corruption Vulnerability | | version | 75 |
|
| refmap
via4
|
| cert | TA10-348A | | sectrack | 1024872 |
|
| Last major update |
28-02-2022 - 19:20 |
| Published |
16-12-2010 - 19:33 |
| Last modified |
28-02-2022 - 19:20 |
