CVE-2010-0492: Code Injection
First published: Wed Mar 31 2010(Updated: )
Use-after-free vulnerability in mstime.dll in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via vectors related to the TIME2 behavior, the CTimeAction object, and destruction of markup, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerability."
Credit: secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Internet Explorer | =8 | |
| Internet Explorer | =8.0.6001 | |
| Microsoft Windows Server 2003 | =sp2 | |
| Microsoft Windows Server 2003 | =sp2 | |
| Microsoft Windows 7 | ||
| Microsoft Windows Server | =sp2 | |
| Microsoft Windows Server | ||
| Microsoft Windows Server | =r2 | |
| Microsoft Windows Server | =r2 | |
| Microsoft Windows Server | =sp2 | |
| Microsoft Windows Vista | ||
| Microsoft Windows Vista | ||
| Microsoft Windows Vista | =sp1 | |
| Microsoft Windows Vista | =sp1 | |
| Microsoft Windows Vista | =sp2 | |
| Microsoft Windows Vista | =sp2 | |
| Microsoft Windows Vista | =sp1 | |
| Microsoft Windows Vista | =sp2 | |
| Microsoft Windows XP | =sp2 | |
| Microsoft Windows XP | =sp3 | |
| Microsoft Windows XP | =sp2 | |
| All of | ||
| Any of | ||
| =8 | ||
| =8.0.6001 | ||
| Any of | ||
| =sp2 | ||
| =sp2 | ||
| =sp2 | ||
| =r2 | ||
| =r2 | ||
| =sp2 | ||
| =sp1 | ||
| =sp2 | ||
| =sp1 | ||
| =sp2 | ||
| =sp2 | ||
| =sp3 | ||
| =sp2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.vupen.com/english/advisories/2010/0744
- http://www.securityfocus.com/bid/39030
- http://securitytracker.com/id?1023773
- http://www.us-cert.gov/cas/techalerts/TA10-068A.html
- http://www.zerodayinitiative.com/advisories/ZDI-10-033
- http://www.us-cert.gov/cas/techalerts/TA10-089A.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7722
- http://www.securityfocus.com/archive/1/510506/100/0/threaded
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-018
Frequently Asked Questions
What is the severity of CVE-2010-0492?
CVE-2010-0492 is categorized as a critical severity vulnerability due to its ability to allow remote code execution.
How do I fix CVE-2010-0492?
You can fix CVE-2010-0492 by applying the latest security updates provided by Microsoft for affected Internet Explorer and Windows versions.
What software is affected by CVE-2010-0492?
CVE-2010-0492 affects Microsoft Internet Explorer 8 and various versions of Windows including Windows XP, Vista, 7, and 2003 Server.
What potential risks are associated with CVE-2010-0492?
The risks associated with CVE-2010-0492 include remote code execution that could lead to system compromise and unauthorized access to sensitive information.
Are there any known exploits for CVE-2010-0492?
Yes, there are known exploits for CVE-2010-0492 that target users of the affected versions of Internet Explorer.
- collector/nvd-historical
- agent/weakness
- agent/type
- agent/remedy
- agent/references
- agent/description
- agent/first-publish-date
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/source
- agent/author
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- vendor/microsoft
- canonical/internet explorer
- version/internet explorer/8
- version/internet explorer/8.0.6001
- canonical/microsoft windows server 2003
- version/microsoft windows server 2003/sp2
- canonical/microsoft windows 7
- canonical/microsoft windows server
- version/microsoft windows server/sp2
- version/microsoft windows server/r2
- canonical/microsoft windows vista
- version/microsoft windows vista/sp1
- version/microsoft windows vista/sp2
- canonical/microsoft windows xp
- version/microsoft windows xp/sp2
- version/microsoft windows xp/sp3