CVE-2010-3346

Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Element Memory Corruption Vulnerability."
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*
OR cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*
OR cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:-:-:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:x64:*
cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:*
OR cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:-:-:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:x64:*
cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*

History

21 Nov 2024, 01:18

Type Values Removed Values Added
References () http://www.securitytracker.com/id?1024872 - Broken Link, Third Party Advisory, VDB Entry () http://www.securitytracker.com/id?1024872 - Broken Link, Third Party Advisory, VDB Entry
References () http://www.us-cert.gov/cas/techalerts/TA10-348A.html - Third Party Advisory, US Government Resource () http://www.us-cert.gov/cas/techalerts/TA10-348A.html - Third Party Advisory, US Government Resource
References () https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-090 - Patch, Vendor Advisory () https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-090 - Patch, Vendor Advisory
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12322 - Tool Signature () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12322 - Tool Signature

Information

Published : 2010-12-16 19:33

Updated : 2024-11-21 01:18


NVD link : CVE-2010-3346

Mitre link : CVE-2010-3346

CVE.ORG link : CVE-2010-3346


JSON object : View

Products Affected

microsoft

  • windows_vista
  • windows_7
  • windows_xp
  • windows_server_2003
  • windows_server_2008
  • internet_explorer
CWE
CWE-908

Use of Uninitialized Resource