RCE in Microsoft Internet_explorer

CVE-2010-3331

Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory in certain circumstances involving use of Microsoft Word to read Word documents, which allows remote attackers to execute arbitrary code by accessing an obj…

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.554 (98.1th percentile) — read the EPSS interpretation.

Affected products

Microsoft Internet_explorer — versions 8, 6, 7
Microsoft Windows_2003_server
Microsoft Windows_7
Microsoft Windows_server_2003
Microsoft Windows_server_2008 — versions r2
Microsoft Windows_vista
Microsoft Windows_xp
N/a — versions n/a

Weakness classification (CWE)

CWE-94 — Code Injection

References

MS10-071 (x_refsource_MS, vendor-advisory)
TA10-285A (US Government Resource, x_refsource_CERT, third-party-advisory)
oval:org.mitre.oval:def:6832 (x_refsource_OVAL, signature, vdb-entry)
secure@microsoft.com (x_refsource_CONFIRM)