CVE-2010-1260

The IE8 Developer Toolbar in Microsoft Internet Explorer 8 SP1, SP2, and SP3 allows user-assisted remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Element Memory Corruption Vulnerability."
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:*
OR cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x32:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:r2:*:itanium:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:r2:*:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*

History

21 Nov 2024, 01:13

Type Values Removed Values Added
References () http://osvdb.org/65213 - () http://osvdb.org/65213 -
References () http://support.avaya.com/css/P8/documents/100089747 - () http://support.avaya.com/css/P8/documents/100089747 -
References () http://www.us-cert.gov/cas/techalerts/TA10-159B.html - US Government Resource () http://www.us-cert.gov/cas/techalerts/TA10-159B.html - US Government Resource
References () https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-035 - () https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-035 -
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6686 - () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6686 -

21 Oct 2024, 17:35

Type Values Removed Values Added
CVSS v2 : 9.3
v3 : unknown
v2 : 9.3
v3 : 7.5

07 Dec 2023, 18:38

Type Values Removed Values Added
CPE cpe:2.3:o:microsoft:windows_vista:*:sp2:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:*:sp1:x64:*:*:*:*:*

Information

Published : 2010-06-08 22:30

Updated : 2024-11-21 01:13


NVD link : CVE-2010-1260

Mitre link : CVE-2010-1260

CVE.ORG link : CVE-2010-1260


JSON object : View

Products Affected

microsoft

  • windows_server_2008
  • windows_xp
  • windows_vista
  • internet_explorer
  • windows_7
  • windows_2003_server
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')