RCE in Microsoft Internet_explorer

CVE-2010-0267

Microsoft Internet Explorer 6, 6 SP1, and 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memo…

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.662 (98.5th percentile) — read the EPSS interpretation.

Affected products

Microsoft Internet_explorer — versions 6, 7
Microsoft Windows_2000
Microsoft Windows_2003_server
Microsoft Windows_server_2003
Microsoft Windows_server_2008
Microsoft Windows_vista
Microsoft Windows_xp
N/a — versions n/a

Weakness classification (CWE)

CWE-94 — Code Injection

References

1023773 (vdb-entry, x_refsource_SECTRACK)
39023 (Patch, vdb-entry, x_refsource_BID)
TA10-068A (US Government Resource, x_refsource_CERT, third-party-advisory)
TA10-089A (US Government Resource, x_refsource_CERT, third-party-advisory)
ADV-2010-0744 (Patch, vdb-entry, x_refsource_VUPEN, Vendor Advisory)
MS10-018 (x_refsource_MS, vendor-advisory)
oval:org.mitre.oval:def:8554 (signature, x_refsource_OVAL, vdb-entry)