Vulnerability in Microsoft Internet_explorer

CVE-2010-3346

Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory c…

EPSS: 0.584 (98.2th percentile) — read the EPSS interpretation.

Affected products

Microsoft Internet_explorer — versions 8, 6, 7
Microsoft Windows_7
Microsoft Windows_server_2003
Microsoft Windows_server_2008 — versions r2
Microsoft Windows_vista
Microsoft Windows_xp
N/a — versions n/a

Weakness classification (CWE)

CWE-908 — Use of Uninitialized Resource

References

TA10-348A (US Government Resource, Third Party Advisory, x_refsource_CERT, third-party-advisory)
MS10-090 (x_refsource_MS, vendor-advisory, Patch, Vendor Advisory)
oval:org.mitre.oval:def:12322 (Tool Signature, x_refsource_OVAL, signature, vdb-entry)
1024872 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK, Broken Link)