Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-0248Code Injection in Microsoft Internet Explorer

CWE-94Code InjectionCWE-416Use After Free5 documents5 sources
Severity
8.1HIGHNVD
EPSS
78.4%
top 0.97%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Microsoft Internet Explorer
Timeline
PublishedJan 22
Latest updateMay 2

Description

Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerability."

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages1 packages

NVDmicrosoft/internet_explorer26 versions+25

🔴Vulnerability Details

1
GHSA
GHSA-vqxq-fjhv-69jf: Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by2022-05-02

💥Exploits & PoCs

2
Exploit-DB
Microsoft Internet Explorer - Object Memory Use-After-Free (MS10-002) (Metasploit)2012-03-22
Metasploit
MS10-002 Microsoft Internet Explorer Object Memory Use-After-Free

🔍Detection Rules

1
Suricata
ET WEB_CLIENT Internet Explorer CTableRowCellsCollectionCacheItem.GetNext Memory Use-After-Free Attempt2012-04-04
CVE-2010-0248 — Code Injection in Microsoft | cvebase