CVE-2010-1262: Code Injection
First published: Tue Jun 08 2010(Updated: )
Microsoft Internet Explorer 6 SP1 and SP2, 7, and 8 allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, related to the CStyleSheet object and a free of the root container, aka "Memory Corruption Vulnerability."
Credit: secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| Internet Explorer | =8 | |
| Any of | ||
| Microsoft Windows Server 2003 | =sp2 | |
| Microsoft Windows Server 2003 | =sp2 | |
| Microsoft Windows 7 | ||
| Microsoft Windows Server | ||
| Microsoft Windows Server | ||
| Microsoft Windows Server | =sp2 | |
| Microsoft Windows Server | =sp2 | |
| Microsoft Windows Server | =r2 | |
| Microsoft Windows Server | =r2 | |
| Microsoft Windows Vista | =sp1 | |
| Microsoft Windows Vista | =sp2 | |
| Microsoft Windows Vista | =sp1 | |
| Microsoft Windows Vista | =sp2 | |
| Microsoft Windows XP | =sp2 | |
| Microsoft Windows XP | =sp3 | |
| Microsoft Windows XP | =sp2 | |
| All of | ||
| Internet Explorer | =6-sp1 | |
| Microsoft Windows 2000 | =sp4 | |
| All of | ||
| Internet Explorer | =6 | |
| Any of | ||
| Microsoft Windows Server 2003 | =sp2 | |
| Microsoft Windows Server 2003 | =sp2 | |
| Microsoft Windows Server 2003 | =sp2 | |
| Microsoft Windows XP | =sp2 | |
| Microsoft Windows XP | =sp3 | |
| Microsoft Windows XP | =sp2 | |
| All of | ||
| Internet Explorer | =7 | |
| Any of | ||
| Microsoft Windows Server 2003 | =sp2 | |
| Microsoft Windows Server 2003 | =sp2 | |
| Microsoft Windows Server 2003 | =sp2 | |
| Microsoft Windows Server | ||
| Microsoft Windows Server | ||
| Microsoft Windows Server | ||
| Microsoft Windows Server | =sp2 | |
| Microsoft Windows Server | =sp2 | |
| Microsoft Windows Server | =sp2 | |
| Microsoft Windows Vista | =sp1 | |
| Microsoft Windows Vista | =sp2 | |
| Microsoft Windows Vista | =sp1 | |
| Microsoft Windows Vista | =sp2 | |
| Microsoft Windows XP | =sp2 | |
| Microsoft Windows XP | =sp3 | |
| Microsoft Windows XP | =sp2 | |
| Internet Explorer | =8 | |
| Microsoft Windows Server 2003 | =sp2 | |
| Microsoft Windows Server 2003 | =sp2 | |
| Microsoft Windows 7 | ||
| Microsoft Windows Server | ||
| Microsoft Windows Server | ||
| Microsoft Windows Server | =sp2 | |
| Microsoft Windows Server | =sp2 | |
| Microsoft Windows Server | =r2 | |
| Microsoft Windows Server | =r2 | |
| Microsoft Windows Vista | =sp1 | |
| Microsoft Windows Vista | =sp1 | |
| Microsoft Windows Vista | =sp2 | |
| Microsoft Windows Vista | =sp2 | |
| Microsoft Windows Vista | =sp1 | |
| Microsoft Windows Vista | =sp2 | |
| Microsoft Windows XP | =sp2 | |
| Microsoft Windows XP | =sp3 | |
| Microsoft Windows XP | =sp2 | |
| Internet Explorer | =6-sp1 | |
| Microsoft Windows 2000 | =sp4 | |
| Internet Explorer | =6 | |
| Microsoft Windows Server 2003 | =sp2 | |
| Internet Explorer | =7 | |
| Microsoft Windows Server | ||
| Microsoft Windows Server | =sp2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.us-cert.gov/cas/techalerts/TA10-159B.html
- http://www.zerodayinitiative.com/advisories/ZDI-10-102/
- http://www.securityfocus.com/bid/40417
- http://support.avaya.com/css/P8/documents/100089747
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7406
- http://www.securityfocus.com/archive/1/511727/100/0/threaded
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-035
Frequently Asked Questions
What is the severity of CVE-2010-1262?
CVE-2010-1262 has a critical severity rating due to its potential to allow remote code execution.
How do I fix CVE-2010-1262?
To fix CVE-2010-1262, apply the latest security updates provided by Microsoft for Internet Explorer.
Which versions of Internet Explorer are affected by CVE-2010-1262?
CVE-2010-1262 affects Microsoft Internet Explorer versions 6, 7, and 8.
What types of attacks can exploit CVE-2010-1262?
CVE-2010-1262 can be exploited via crafted web pages that lead to memory corruption, enabling arbitrary code execution.
Is there a workaround for CVE-2010-1262 if I cannot patch immediately?
A temporary workaround for CVE-2010-1262 is to use a different web browser until a patch can be applied.
- collector/nvd-historical
- agent/type
- agent/severity
- agent/weakness
- agent/references
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/author
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/microsoft
- canonical/internet explorer
- version/internet explorer/8
- canonical/microsoft windows server 2003
- version/microsoft windows server 2003/sp2
- canonical/microsoft windows 7
- canonical/microsoft windows server
- version/microsoft windows server/sp2
- version/microsoft windows server/r2
- canonical/microsoft windows vista
- version/microsoft windows vista/sp1
- version/microsoft windows vista/sp2
- canonical/microsoft windows xp
- version/microsoft windows xp/sp2
- version/microsoft windows xp/sp3
- version/internet explorer/6-sp1
- canonical/microsoft windows 2000
- version/microsoft windows 2000/sp4
- version/internet explorer/6
- version/internet explorer/7