CVE-2010-0255Microsoft Internet Explorer vulnerability

3 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
49.3%
top 2.21%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft Internet Explorer
Timeline
PublishedFeb 4
Latest updateMay 2

Description

Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not prevent rendering of non-HTML local files as HTML documents, which allows remote attackers to bypass intended access restrictions and read arbitrary files via vectors involving JavaScript exploit code that constructs a reference to a file://127.0.0.1 URL, aka the dynamic OBJECT tag vulnerability, as demonstrated by obtaining the data from an index.dat file, a variant of CVE-2009-1140 and related to CVE-2008-1448.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

NVDmicrosoft/internet_explorer4 versions+3

🔴Vulnerability Details

1
GHSA
GHSA-93vc-2h9g-v2wq: Microsoft Internet Explorer 52022-05-02

🕵️Threat Intelligence

1
Zscaler
Zscaler found Multiple Security Vulnerabilities | 06-08-2010
CVE-2010-0255 — Microsoft vulnerability | cvebase