CVE-2010-0807 — Code Injection in Microsoft Internet Explorer

CWE-94 — Code Injection5 documents3 sources

Severity

9.3CRITICALNVD

EPSS

62.1%

top 1.64%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Internet Explorer

Timeline

PublishedMar 31

Latest updateMay 2

Description

Microsoft Internet Explorer 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, leading to memory corruption, aka "HTML Rendering Memory Corruption Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

▶NVDmicrosoft/internet_explorer7

Patches

Patch: www.securityfocus.com ↗Patch: www.vupen.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-5mgh-9648-5w74: Microsoft Internet Explorer 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a delet↗2022-05-02

▶

💬Community

Bugzilla

CVE-2010-3559 JDK unspecified vulnerability in Sound component↗2010-10-13

▶

Bugzilla

CVE-2010-3550 JDK unspecified vulnerability in Java Web Start component↗2010-10-13

▶

Bugzilla

CVE-2010-3566 OpenJDK ICC Profile remote code execution (6963489)↗2010-10-04

▶