CVE-2010-1258 — Sensitive Information Exposure in Microsoft Internet Explorer

CWE-200 — Sensitive Information Exposure4 documents3 sources

Severity

4.3MEDIUMNVD

EPSS

20.6%

top 4.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Internet Explorer

Timeline

PublishedAug 11

Latest updateMay 2

Description

Microsoft Internet Explorer 6, 7, and 8 does not properly determine the origin of script code, which allows remote attackers to execute script in an unintended domain or security zone, and obtain sensitive information, via unspecified vectors, aka "Event Handler Cross-Domain Vulnerability."

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDmicrosoft/internet_explorer6, 7, 8+2

🔴Vulnerability Details

GHSA

GHSA-h2gh-xq2p-gr8w: Microsoft Internet Explorer 6, 7, and 8 does not properly determine the origin of script code, which allows remote attackers to execute script in an u↗2022-05-02

▶

🕵️Threat Intelligence

Zscaler

Zscaler Provides Advanced Protection for Massive MS Patch↗

▶

Zscaler

Zscaler found Multiple Security Vulnerabilities | 08-10-2010↗

▶