Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2010-0808 | First vendor Publication | 2010-10-13 |
Vendor | Cve | Last vendor Modification | 2023-12-07 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:H/Au:N/C:P/I:N/A:N) | |||
---|---|---|---|
Cvss Base Score | 2.6 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | High |
Cvss Expoit Score | 4.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Microsoft Internet Explorer 6 and 7 on Windows XP and Vista does not prevent script from simulating user interaction with the AutoComplete feature, which allows remote attackers to obtain sensitive form information via a crafted web site, aka "AutoComplete Information Disclosure Vulnerability." |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0808 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-200 | Information Exposure |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:6889 | |||
Oval ID: | oval:org.mitre.oval:def:6889 | ||
Title: | AutoComplete Information Disclosure Vulnerability | ||
Description: | Microsoft Internet Explorer 6 and 7 on Windows XP and Vista does not prevent script from simulating user interaction with the AutoComplete feature, which allows remote attackers to obtain sensitive form information via a crafted web site, aka "AutoComplete Information Disclosure Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-0808 | Version: | 7 |
Platform(s): | Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 2 |
ExploitDB Exploits
id | Description |
---|---|
2010-10-16 | Microsoft Office HtmlDlgHelper Class Memory Corruption |
OpenVAS Exploits
Date | Description |
---|---|
2010-12-15 | Name : Microsoft Internet Explorer Multiple Vulnerabilities (2416400) File : nvt/secpod_ms10-090.nasl |
2010-10-13 | Name : Microsoft Internet Explorer Multiple Vulnerabilities (2360131) File : nvt/secpod_ms10-071.nasl |
2010-09-23 | Name : Microsoft Internet Explorer 'toStaticHTML()' Cross Site Scripting Vulnerability File : nvt/secpod_ms_ie_static_html_xss_vuln.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
68544 | Microsoft IE AutoComplete Functionality Unspecified Information Disclosure Microsoft IE contains a flaw that may lead to an unauthorized information disclosure. Â The issue is that potentially allows form data within Internet Explorer to be captured via the AutoComplete feature.It can capture information previously entered into fields after the AutoComplete feature has been enabled |
Snort® IPS/IDS
Date | Description |
---|---|
2018-02-22 | toStaticHTML CSS import XSS exploit attempt RuleID : 45514 - Revision : 1 - Type : BROWSER-IE |
2017-07-11 | Microsoft Internet Explorer CStyleSheetRule array memory corruption attempt RuleID : 43134 - Revision : 1 - Type : BROWSER-IE |
2016-03-14 | Microsoft Internet Explorer Scriptlet Component ActiveX clsid access RuleID : 36772 - Revision : 2 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft HtmlDlgHelper ActiveX clsid access RuleID : 23555 - Revision : 7 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Internet Explorer CStyleSheetRule array memory corruption attempt RuleID : 19436 - Revision : 14 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer Cross-Domain information disclosure attempt RuleID : 19411 - Revision : 9 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer 8 CSS XSRF exploit attempt RuleID : 17774 - Revision : 8 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer Scriptlet Component ActiveX clsid access RuleID : 17772 - Revision : 15 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Internet Explorer cross-domain information disclosure attempt RuleID : 17771 - Revision : 12 - Type : BROWSER-IE |
2014-01-10 | Microsoft HtmlDlgHelper ActiveX clsid access RuleID : 17770 - Revision : 18 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Internet Explorer 8 CSS invalid mapping exploit attempt RuleID : 17769 - Revision : 13 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer 8 object event handler use after free exploit att... RuleID : 17768 - Revision : 15 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer 8 tostaticHTML CSS import vulnerability RuleID : 17767 - Revision : 15 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer 8 XSS in toStaticHTML API attempt RuleID : 17766 - Revision : 15 - Type : BROWSER-IE |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2010-10-13 | Name : Arbitrary code can be executed on the remote host through a web browser. File : smb_nt_ms10-071.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2023-12-07 21:28:03 |
|
2021-07-27 00:24:32 |
|
2021-07-24 01:44:09 |
|
2021-07-24 01:06:58 |
|
2021-07-23 21:24:59 |
|
2021-07-23 17:24:37 |
|
2020-05-23 00:25:23 |
|
2018-10-13 00:22:55 |
|
2017-09-19 09:23:40 |
|
2016-06-29 00:11:13 |
|
2016-04-26 19:37:37 |
|
2014-02-17 10:54:09 |
|
2013-05-10 23:19:31 |
|