CVE-2010-0492Code Injection in Microsoft Internet Explorer

CWE-94Code Injection4 documents4 sources
Severity
8.1HIGHNVD
EPSS
62.8%
top 1.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft Internet Explorer
Timeline
PublishedMar 31
Latest updateMay 2

Description

Use-after-free vulnerability in mstime.dll in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via vectors related to the TIME2 behavior, the CTimeAction object, and destruction of markup, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerability."

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages1 packages

NVDmicrosoft/internet_explorer8, 8.0.6001+1

Patches

Patch: www.securityfocus.comPatch: www.vupen.comPatch: www.securityfocus.com

🔴Vulnerability Details

1
GHSA
GHSA-r97j-8742-f767: Use-after-free vulnerability in mstime2022-05-02

💥Exploits & PoCs

1
Exploit-DB
Persits XUpload - ActiveX AddFile Buffer Overflow (Metasploit)2010-05-09

💬Community

1
Bugzilla
CVE-2011-0015 CVE-2011-0016 CVE-2011-0427 CVE-2011-0490 CVE-2011-0491 CVE-2011-0492 CVE-2011-0493 CVE-2010-1676 CVE-2010-0383 CVE-2010-0385 tor various flaws [epel-5]2011-01-20
CVE-2010-0492 — Code Injection in Microsoft | cvebase