CVE-2010-0488
published 2010-03-31CVE-2010-0488: Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 does not properly handle unspecified "encoding strings," which allows remote attackers to bypass the Same…
PriorityP335medium6.5CVSS 3.1
AVNACLPRNUIRSUCHINAN
EPSS
29.23%
97.9th percentile
Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 does not properly handle unspecified "encoding strings," which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site, aka "Post Encoding Information Disclosure Vulnerability."
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
CVSS provenance
nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:P/I:N/A:N
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
CAPEC
Leverage Alternate Encoding
mitre_capec
[HIGH] Leverage Alternate Encoding
CAPEC-267: Leverage Alternate Encoding
An adversary leverages the possibility to encode potentially harmful input or content used by applications such that the applications are ineffective at validating this encoding standard.
Execution Flow:
Step 1 [Explore]: [Survey the application for user-controllable inputs] Using a browser, an automated tool or by inspecting the application, an adversary records all entry points to the application.
Technique: Use a spidering tool to follow and record all links and analyze the web pages to find entry points. Make special note of any links that include parameters in the URL.
Technique: Use a proxy tool to record all user input entry points visited during a manual traversal of the web application.
Technique: Use a browser to manually explore the websi
http://jvn.jp/en/jp/JVN49467403/index.htmlhttp://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000011.htmlhttp://securitytracker.com/id?1023773http://www.securityfocus.com/bid/39028http://www.us-cert.gov/cas/techalerts/TA10-068A.htmlhttp://www.us-cert.gov/cas/techalerts/TA10-089A.htmlhttp://www.vupen.com/english/advisories/2010/0744https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-018https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7840http://jvn.jp/en/jp/JVN49467403/index.htmlhttp://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000011.htmlhttp://securitytracker.com/id?1023773http://www.securityfocus.com/bid/39028http://www.us-cert.gov/cas/techalerts/TA10-068A.htmlhttp://www.us-cert.gov/cas/techalerts/TA10-089A.htmlhttp://www.vupen.com/english/advisories/2010/0744https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-018https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7840
2010-03-31
Published