RCE in Microsoft Internet_explorer
CVE-2010-1262
Microsoft Internet Explorer 6 SP1 and SP2, 7, and 8 allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, related to the CStyleSheet…
Vulnerability class: RCE (Remote Code Execution)
EPSS: 0.634 (98.4th percentile) — read the EPSS interpretation.
Affected products
- Microsoft Internet_explorer — versions 8, 6, 7
- Microsoft Windows_2000
- Microsoft Windows_2003_server
- Microsoft Windows_7
- Microsoft Windows_server_2008 — versions r2
- Microsoft Windows_vista
- Microsoft Windows_xp
- N/a — versions n/a
Weakness classification (CWE)
References
- secure@microsoft.com (x_refsource_CONFIRM)
- secure@microsoft.com (x_refsource_MISC)
- 40417 (vdb-entry, x_refsource_BID)
- 20100608 ZDI-10-102: Microsoft Internet Explorer Stylesheet Array Removal Remote Code Execution Vulnerability (mailing-list, x_refsource_BUGTRAQ)
- MS10-035 (x_refsource_MS, vendor-advisory)
- TA10-159B (US Government Resource, x_refsource_CERT, third-party-advisory)
- oval:org.mitre.oval:def:7406 (x_refsource_OVAL, signature, vdb-entry)