Vulnerability Name: CVE-2010-0249 (CCN-55642) Assigned: 2010-01-14 Published: 2010-01-14 Updated: 2019-02-26 Summary: Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 on Windows 2000 SP4; Windows XP SP2 and SP3; Windows Server 2003 SP2; Windows Vista Gold, SP1, and SP2; Windows Server 2008 Gold, SP2, and R2; and Windows 7 allows remote attackers to execute arbitrary code by accessing a pointer associated with a deleted object, related to incorrectly initialized memory and improper handling of objects in memory, as exploited in the wild in December 2009 and January 2010 during Operation Aurora, aka "HTML Object Memory Corruption Vulnerability." CVSS v3 Severity: 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): ChangedImpact Metrics: Confidentiality (C): HighIntegrity (I): HighAvailibility (A): High
CVSS v2 Severity: 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C 7.7 High (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): MediumAuthentication (Au): NoneImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
9.3 High (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C 7.7 High (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): MediumAthentication (Au): NoneImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
Vulnerability Type: CWE-399 Vulnerability Consequences: Gain Access References: Source: CONFIRMhttp://blogs.technet.com/msrc/archive/2010/01/14/security-advisory-979352.aspx CVE-2010-0249 http://news.cnet.com/8301-27080_3-10435232-245.html 61697 Microsoft Internet Explorer Multiple Vulnerabilities Microsoft Internet Explorer Invalid Pointer Reference Lets Remote Users Execute Arbitrary Code 1023462 979352 Cumulative Security Update for Internet Explorer (2618444) Cumulative Security Update for Internet Explorer (2647516) Cumulative Security Update for Internet Explorer (2675157) Cumulative Security Update for Internet Explorer (2699988) Cumulative Security Update for Internet Explorer (2719177) Cumulative Security Update for Internet Explorer (2722913) 11167 Microsoft Internet Explorer Freed Object Code Execution Microsoft Internet Explorer HTML object memory corruption vulnerability VU#492515 Vulnerability in Internet Explorer Could Allow Remote Code Execution http://www.microsoft.com/technet/security/advisory/979352.mspx Cumulative Security Update for Internet Explorer (978207) Cumulative Security Update for Internet Explorer (980182) Cumulative Security Update for Internet Explorer (982381) Cumulative Security Update for Internet Explorer (2183461) Cumulative Security Update for Internet Explorer (2360131) Cumulative Security Update for Internet Explorer (2416400) Cumulative Security Update for Internet Explorer (2482017) Cumulative Security Update for Internet Explorer (2497640) Cumulative Security Update for Internet Explorer (2530548) Cumulative Security Update for Internet Explorer (2559049) Cumulative Security Update for Internet Explorer (2586448) Microsoft IE mshtml.dll Use-After-Free Arbitrary Code Execution (Aurora) 37815 Internet Explorer CVE-2010-0249 'srcElement()' Remote Code Execution Vulnerability TA10-055A ADV-2010-0135 MS10-002 ie-freed-object-code-execution(55642) ie-freed-object-code-execution(55642) oval:org.mitre.oval:def:6835 Offensive Security Exploit Database [01-17-2010] Vulnerable Configuration: Configuration 1 :cpe:/a:microsoft:internet_explorer:6:*:*:*:*:*:*:* OR cpe:/a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:* OR cpe:/a:microsoft:internet_explorer:7:*:*:*:*:*:*:* OR cpe:/a:microsoft:internet_explorer:8:*:*:*:*:*:*:* AND cpe:/o:microsoft:windows_2000:sp4:*:*:*:*:*:*:* Configuration 2 :cpe:/a:microsoft:internet_explorer:6:*:*:*:*:*:*:* OR cpe:/a:microsoft:internet_explorer:7:*:*:*:*:*:*:* OR cpe:/a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:* OR cpe:/a:microsoft:internet_explorer:8:*:*:*:*:*:*:* AND cpe:/o:microsoft:windows_vista:*:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_vista:-:sp1:*:*:*:*:*:* OR cpe:/o:microsoft:windows_vista:-:sp2:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2008:*:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2008:r2:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_xp:-:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_xp:-:sp3:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:* OR cpe:/o:microsoft:windows_7:*:*:*:*:*:*:*:* Configuration CCN 1 :cpe:/a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:* OR cpe:/a:microsoft:ie:6.0:sp1:*:*:*:*:*:* OR cpe:/a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:* OR cpe:/a:microsoft:ie:8.0:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2008:*:*:*:*:*:*:x32:* OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:itanium:* AND cpe:/o:microsoft:windows_2000:*:sp4:*:*:*:*:*:* OR cpe:/o:microsoft:windows:xp:sp2:*:*:*:*:*:* OR cpe:/o:microsoft:windows_vista:*:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows:server_2003:sp2:*:*:*:*:*:* OR cpe:/o:microsoft:windows:server_2003:sp2:itanium:*:*:*:*:* OR cpe:/o:microsoft:windows:server_2003:sp2:x64:*:*:*:*:* OR cpe:/o:microsoft:windows_vista:*:*:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_xp::sp2:x64:*:professional:*:*:* OR cpe:/o:microsoft:windows_vista:*:sp1:*:*:*:*:*:* OR cpe:/o:microsoft:windows_vista:*:sp1:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_server_2008:*:*:*:*:*:*:itanium:* OR cpe:/o:microsoft:windows_server_2008:*:*:*:*:*:*:x64:* OR cpe:/o:microsoft:windows:xp:sp3:*:*:*:*:*:* OR cpe:/o:microsoft:windows_vista:*:sp2:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_vista:*:sp2:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x32:* OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_7:*:*:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_7:-:*:*:*:*:*:x32:* OR cpe:/o:microsoft:windows_server_2008:*:r2:x64:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2008:*:r2:itanium:*:*:*:*:* Oval Definitions BACK
microsoft internet explorer 6
microsoft internet explorer 6 sp1
microsoft internet explorer 7
microsoft internet explorer 8
microsoft windows 2000 sp4
microsoft internet explorer 6
microsoft internet explorer 7
microsoft internet explorer 6 sp1
microsoft internet explorer 8
microsoft windows vista *
microsoft windows vista - sp1
microsoft windows vista - sp2
microsoft windows server 2008 -
microsoft windows server 2008 - sp2
microsoft windows server 2008 r2
microsoft windows xp -
microsoft windows xp sp3
microsoft windows server 2003 * sp2
microsoft windows 7 *
microsoft ie 6.0
microsoft ie 6.0 sp1
microsoft ie 7.0
microsoft ie 8.0
microsoft windows server 2008 -
microsoft windows server 2008
microsoft windows 2000 * sp4
microsoft windows xp sp2
microsoft windows vista *
microsoft windows server_2003 sp2
microsoft windows server_2003 sp2
microsoft windows server_2003 sp2
microsoft windows vista *
microsoft windows xp sp2
microsoft windows vista * sp1
microsoft windows vista * sp1
microsoft windows server 2008
microsoft windows server 2008 -
microsoft windows xp sp3
microsoft windows vista * sp2
microsoft windows vista * sp2
microsoft windows server 2008 sp2
microsoft windows server 2008 sp2
microsoft windows 7 *
microsoft windows 7 -
microsoft windows server 2008 * r2
microsoft windows server 2008 * r2
Denotes that component is vulnerable