CVE-2010-0811 — Code Injection in Microsoft Windows Server 2008

CWE-94 — Code Injection5 documents4 sources

Severity

9.3CRITICALNVD

EPSS

56.4%

top 1.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows Server 2008

Timeline

PublishedJun 8

Latest updateMay 2

Description

Multiple unspecified vulnerabilities in the Microsoft Internet Explorer 8 Developer Tools ActiveX control in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow remote attackers to execute arbitrary code via unknown vectors that "corrupt the system state," aka "Microsoft Internet Explorer 8 Developer Tools Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

▶NVDmicrosoft/windowsr2

🔴Vulnerability Details

GHSA

GHSA-6gjj-93cg-cj2v: Multiple unspecified vulnerabilities in the Microsoft Internet Explorer 8 Developer Tools ActiveX control in Microsoft Windows 2000 SP4, Windows XP SP↗2022-05-02

▶

📋Vendor Advisories

Red Hat

cups: latent privilege escalation vulnerability↗2010-06-15

▶

🕵️Threat Intelligence

Zscaler

Zscaler found Multiple Security Vulnerabilities | 06-08-2010↗

▶

Zscaler

Zscaler found Multiple Security Vulnerabilities | 04-12-2011↗

▶