Buffer overflow in Microsoft Internet_explorer

CVE-2010-0917

Stack-based buffer overflow in VBScript in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, might allow user-assisted remote attackers to execute arbitrary code via a long string in the fourt…

Vulnerability class: Buffer Overflow

EPSS: 0.501 (97.9th percentile) — read the EPSS interpretation.

Affected products

Microsoft Internet_explorer — versions 8, 6, 7
Microsoft Windows_2000
Microsoft Windows_2003_server
Microsoft Windows_server_2003
Microsoft Windows_xp
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
cve@mitre.org (Exploit, x_refsource_MISC)
cve@mitre.org (Exploit, x_refsource_MISC)
cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
38473 (Exploit, vdb-entry, x_refsource_BID)
cve@mitre.org (x_refsource_MISC)
ms-win-winhlp32-bo(56560) (vdb-entry, x_refsource_XF)