What is CVE-2010-0483?

CVE-2010-0483 is a vulnerability in Microsoft Internet_explorer, classified under Code Injection. Published 2010-03-03.

Is CVE-2010-0483 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

RCE in Microsoft Internet_explorer

CVE-2010-0483

vbscript.dll in VBScript 5.1, 5.6, 5.7, and 5.8 in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, allows user-assisted remote attackers to execute arbitrary code by referencing a (1) local…

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.831 (99.3th percentile) — read the EPSS interpretation.

Affected products

Microsoft Internet_explorer — versions 8, 6, 7
Microsoft Windows_2000
Microsoft Windows_2003_server
Microsoft Windows_server_2003
Microsoft Windows_xp
N/a — versions n/a

Weakness classification (CWE)

CWE-94 — Code Injection

Public proof-of-concept exploits

rapid7/metasploit-framework

References

secure@microsoft.com (x_refsource_CONFIRM, Vendor Advisory)
secure@microsoft.com (x_refsource_CONFIRM, Vendor Advisory)
secure@microsoft.com (x_refsource_CONFIRM, Vendor Advisory)
secure@microsoft.com (Exploit, x_refsource_MISC)
secure@microsoft.com (Exploit, x_refsource_MISC)
38727 (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
1023668 (vdb-entry, x_refsource_SECTRACK)
secure@microsoft.com (x_refsource_MISC)
VU#612021 (US Government Resource, x_refsource_CERT-VN, third-party-advisory)
secure@microsoft.com (x_refsource_CONFIRM, Vendor Advisory)

Frequently asked questions

What is CVE-2010-0483?: CVE-2010-0483 is a vulnerability in Microsoft Internet_explorer, classified under Code Injection. Published 2010-03-03.
Is CVE-2010-0483 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.