CVE-2010-1118Improper Input Validation in Microsoft Data Access Components

CWE-20Improper Input Validation5 documents3 sources
Severity
10.0CRITICALNVD
NVD9.3
EPSS
36.6%
top 2.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Microsoft Data Access ComponentsMicrosoft Internet ExplorerMicrosoft Windows Data Access Components
Timeline
PublishedMar 25
Latest updateMay 3

Description

Unspecified vulnerability in Internet Explorer 8 on Microsoft Windows 7 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to a use-after-free issue, as demonstrated by Peter Vreugdenhil during a Pwn2Own competition at CanSecWest 2010.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages3 packages

🔴Vulnerability Details

2
GHSA
GHSA-3h23-qfr3-fm4r: Microsoft Data Access Components (MDAC) 22022-05-03
GHSA
GHSA-cmwj-g9pr-hgfp: Unspecified vulnerability in Internet Explorer 8 on Microsoft Windows 7 allows remote attackers to execute arbitrary code via unknown vectors, possibl2022-05-02

💥Exploits & PoCs

1
Exploit-DB
Oracle GlassFish Server - Administration Console Authentication Bypass2011-05-12
CVE-2010-1118 — Improper Input Validation in Microsoft | cvebase