RCE in Microsoft Internet_explorer
CVE-2010-1259
Microsoft Internet Explorer 6 SP1 and SP2, 7, and 8 allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory C…
Vulnerability class: RCE (Remote Code Execution)
EPSS: 0.564 (98.2th percentile) — read the EPSS interpretation.
Affected products
- Microsoft Internet_explorer — versions 8, 6, 7
- Microsoft Windows_2000
- Microsoft Windows_2003_server
- Microsoft Windows_7
- Microsoft Windows_server_2008 — versions r2
- Microsoft Windows_vista
- Microsoft Windows_xp
- N/a — versions n/a
Weakness classification (CWE)
References
- secure@microsoft.com (x_refsource_CONFIRM)
- MS10-035 (x_refsource_MS, vendor-advisory)
- oval:org.mitre.oval:def:7324 (x_refsource_OVAL, signature, vdb-entry)
- TA10-159B (US Government Resource, x_refsource_CERT, third-party-advisory)
- 65215 (x_refsource_OSVDB, vdb-entry)