What is CVE-2010-0248?

CVE-2010-0248 is a high-severity vulnerability in Microsoft Internet_explorer, classified under Code Injection. CVSS score: 8.1/10. Published 2010-01-22.

How severe is CVE-2010-0248?

High severity. CVSS v3 base score is 8.1 out of 10.

Is CVE-2010-0248 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

RCE in Microsoft Internet_explorer

CVE-2010-0248

Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to m…

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.784 (99.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.1 (High). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Microsoft Internet_explorer — versions 7.0, 6.00.2900.2180, 6.0.2900.2180
Microsoft Windows_2000
Microsoft Windows_7
Microsoft Windows_server_2003
Microsoft Windows_server_2008
Microsoft Windows_vista
Microsoft Windows_xp
N/a — versions n/a

Weakness classification (CWE)

Public proof-of-concept exploits

rapid7/metasploit-framework

References

MS10-002 (x_refsource_MS, vendor-advisory)
ie-object-memory-code-exec(55778) (vdb-entry, x_refsource_XF)
oval:org.mitre.oval:def:8267 (signature, x_refsource_OVAL, vdb-entry)

Frequently asked questions

What is CVE-2010-0248?: CVE-2010-0248 is a high-severity vulnerability in Microsoft Internet_explorer, classified under Code Injection. CVSS score: 8.1/10. Published 2010-01-22.
How severe is CVE-2010-0248?: High severity. CVSS v3 base score is 8.1 out of 10.
Is CVE-2010-0248 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.