| Vulnerability Name: | CVE-2010-3343 (CCN-63553) | ||||||||
| Assigned: | 2010-12-14 | ||||||||
| Published: | 2010-12-14 | ||||||||
| Updated: | 2022-02-28 | ||||||||
| Summary: | Microsoft Internet Explorer 6 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerability." | ||||||||
| CVSS v3 Severity: | 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||
| CVSS v2 Severity: | 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C) 6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
6.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-908 | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: MITRE Type: CNA CVE-2010-3343 Source: CCN Type: SECTRACK ID: 1024872 Microsoft Internet Explorer Bugs Let Remote Users Execute Arbitrary Code and Conduct Cross-Domain Attacks Source: CCN Type: Microsoft Security Bulletin MS11-099 Cumulative Security Update for Internet Explorer (2618444) Source: CCN Type: Microsoft Security Bulletin MS12-010 Cumulative Security Update for Internet Explorer (2647516) Source: CCN Type: Microsoft Security Bulletin MS12-023 Cumulative Security Update for Internet Explorer (2675157) Source: CCN Type: Microsoft Security Bulletin MS12-037 Cumulative Security Update for Internet Explorer (2699988) Source: CCN Type: Microsoft Security Bulletin MS12-044 Cumulative Security Update for Internet Explorer (2719177) Source: CCN Type: Microsoft Security Bulletin MS12-052 Cumulative Security Update for Internet Explorer (2722913) Source: CCN Type: IBM Security Protection Alert Microsoft Internet Explorer Could Allow Remote Code Execution Source: CCN Type: Microsoft Security Bulletin MS10-090 Cumulative Security Update for Internet Explorer (2416400) Source: CCN Type: Microsoft Security Bulletin MS11-003 Cumulative Security Update for Internet Explorer (2482017) Source: CCN Type: Microsoft Security Bulletin MS11-018 Cumulative Security Update for Internet Explorer (2497640) Source: CCN Type: Microsoft Security Bulletin MS11-050 Cumulative Security Update for Internet Explorer (2530548) Source: CCN Type: Microsoft Security Bulletin MS11-057 Cumulative Security Update for Internet Explorer (2559049) Source: CCN Type: Microsoft Security Bulletin MS11-081 Cumulative Security Update for Internet Explorer (2586448) Source: CCN Type: BID-45259 Microsoft Internet Explorer Uninitialized Object CVE-2010-3343 Memory Corruption Vulnerability Source: SECTRACK Type: Broken Link, Third Party Advisory, VDB Entry 1024872 Source: CERT Type: Third Party Advisory, US Government Resource TA10-348A Source: MS Type: Patch, Vendor Advisory MS10-090 Source: XF Type: UNKNOWN ms-ie-obj-ce(63553) Source: OVAL Type: Tool Signature oval:org.mitre.oval:def:12372 | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| Oval Definitions | |||||||||
| |||||||||
| BACK | |||||||||