CVE-2010-1260: Code Injection
First published: Tue Jun 08 2010(Updated: )
The IE8 Developer Toolbar in Microsoft Internet Explorer 8 SP1, SP2, and SP3 allows user-assisted remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Element Memory Corruption Vulnerability."
Credit: secure@microsoft.com secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| Internet Explorer | =8 | |
| Any of | ||
| Microsoft Windows 2003 Server | =sp2 | |
| Microsoft Windows 2003 Server | =sp2 | |
| Microsoft Windows 7 | ||
| Microsoft Windows Server 2008 Itanium | ||
| Microsoft Windows Server 2008 Itanium | ||
| Microsoft Windows Server 2008 Itanium | =sp2 | |
| Microsoft Windows Server 2008 Itanium | =sp2 | |
| Microsoft Windows Server 2008 Itanium | =r2 | |
| Microsoft Windows Server 2008 Itanium | =r2 | |
| Microsoft Windows Vista | =sp1 | |
| Microsoft Windows Vista | =sp2 | |
| Microsoft Windows Vista | =sp1 | |
| Microsoft Windows Vista | =sp2 | |
| Microsoft Windows XP | =sp2 | |
| Microsoft Windows XP | =sp3 | |
| Microsoft Windows XP | =sp2 | |
| Internet Explorer | =8 | |
| Microsoft Windows 2003 Server | =sp2 | |
| Microsoft Windows 2003 Server | =sp2 | |
| Microsoft Windows 7 | ||
| Microsoft Windows Server 2008 Itanium | ||
| Microsoft Windows Server 2008 Itanium | ||
| Microsoft Windows Server 2008 Itanium | =sp2 | |
| Microsoft Windows Server 2008 Itanium | =sp2 | |
| Microsoft Windows Server 2008 Itanium | =r2 | |
| Microsoft Windows Server 2008 Itanium | =r2 | |
| Microsoft Windows Vista | =sp1 | |
| Microsoft Windows Vista | =sp1 | |
| Microsoft Windows Vista | =sp2 | |
| Microsoft Windows Vista | =sp2 | |
| Microsoft Windows Vista | =sp1 | |
| Microsoft Windows Vista | =sp2 | |
| Microsoft Windows XP | =sp2 | |
| Microsoft Windows XP | =sp3 | |
| Microsoft Windows XP | =sp2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2010-1260?
CVE-2010-1260 is classified as a critical vulnerability due to its potential to allow arbitrary code execution.
How do I fix CVE-2010-1260?
To fix CVE-2010-1260, update to the latest version of Microsoft Internet Explorer, as patches are included in the updates.
What versions of Internet Explorer are affected by CVE-2010-1260?
CVE-2010-1260 affects Microsoft Internet Explorer 8, specifically versions SP1, SP2, and SP3.
What operating systems are vulnerable to CVE-2010-1260?
CVE-2010-1260 impacts systems running Windows XP, Vista, and various versions of Windows Server where Internet Explorer 8 is installed.
Can CVE-2010-1260 be exploited remotely?
Yes, CVE-2010-1260 can be exploited remotely if user interaction is involved.
- collector/nvd-historical
- agent/author
- agent/type
- agent/references
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/microsoft
- canonical/internet explorer
- version/internet explorer/8
- canonical/microsoft windows 2003 server
- version/microsoft windows 2003 server/sp2
- canonical/microsoft windows 7
- canonical/microsoft windows server 2008 itanium
- version/microsoft windows server 2008 itanium/sp2
- version/microsoft windows server 2008 itanium/r2
- canonical/microsoft windows vista
- version/microsoft windows vista/sp1
- version/microsoft windows vista/sp2
- canonical/microsoft windows xp
- version/microsoft windows xp/sp2
- version/microsoft windows xp/sp3