Executive Summary

Summary
Title Cumulative Security Update for Internet Explorer (978207)
Informations
Name MS10-002 First vendor Publication 2010-01-21
Vendor Microsoft Last vendor Modification 2010-02-10
Severity (Vendor) Critical Revision 1.3

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 9.3 Attack Range Network
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Revision Note: V1.3 (February 10, 2010): Corrected the severity ratings for Internet Explorer 5.01 Service Pack 4 when installed on Microsoft Windows 2000 Service Pack 4 and Internet Explorer 6 for Windows XP Service Pack 2 for CVE-2010-0027.Summary: This security update resolves seven privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The more severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Original Source

Url : http://www.microsoft.com/technet/security/bulletin/MS10-002.mspx

CWE : Common Weakness Enumeration

% Id Name
86 % CWE-94 Failure to Control Generation of Code ('Code Injection')
14 % CWE-416 Use After Free

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:6835
 
Oval ID: oval:org.mitre.oval:def:6835
Title: HTML Object Memory Corruption Vulnerability (CVE-2010-0249)
Description: Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 on Windows 2000 SP4; Windows XP SP2 and SP3; Windows Server 2003 SP2; Windows Vista Gold, SP1, and SP2; Windows Server 2008 Gold, SP2, and R2; and Windows 7 allows remote attackers to execute arbitrary code by accessing a pointer associated with a deleted object, related to incorrectly initialized memory and improper handling of objects in memory, as exploited in the wild in December 2009 and January 2010 during Operation Aurora, aka "HTML Object Memory Corruption Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2010-0249
Version: 13
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
Product(s): Microsoft Internet Explorer
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7715
 
Oval ID: oval:org.mitre.oval:def:7715
Title: XSS Filter Script Handling Vulnerability
Description: The XSS Filter in Microsoft Internet Explorer 8 allows remote attackers to leverage the "response-changing mechanism" to conduct cross-site scripting (XSS) attacks against web sites that have no inherent XSS vulnerabilities, related to the details of output encoding and improper modification of an HTML attribute, aka "XSS Filter Script Handling Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2009-4074
Version: 10
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
Product(s): Microsoft Internet Explorer
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8186
 
Oval ID: oval:org.mitre.oval:def:8186
Title: Uninitialized Memory Corruption Vulnerability (CVE-2010-0244)
Description: Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-2530 and CVE-2009-2531.
Family: windows Class: vulnerability
Reference(s): CVE-2010-0244
Version: 12
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
Product(s): Microsoft Internet Explorer
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8267
 
Oval ID: oval:org.mitre.oval:def:8267
Title: Uninitialized Memory Corruption Vulnerability (CVE-2010-0248)
Description: Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2010-0248
Version: 12
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
Product(s): Microsoft Internet Explorer
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8378
 
Oval ID: oval:org.mitre.oval:def:8378
Title: Uninitialized Memory Corruption Vulnerability (CVE-2010-0246)
Description: Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3671, CVE-2009-3674, and CVE-2010-0245.
Family: windows Class: vulnerability
Reference(s): CVE-2010-0246
Version: 10
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
Product(s): Microsoft Internet Explorer
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8464
 
Oval ID: oval:org.mitre.oval:def:8464
Title: URL Validation Vulnerability
Description: The URL validation functionality in Microsoft Internet Explorer 5.01, 6, 6 SP1, 7 and 8, and the ShellExecute API function in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, does not properly process input parameters, which allows remote attackers to execute arbitrary local programs via a crafted URL, aka "URL Validation Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2010-0027
Version: 12
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
Product(s): Microsoft Internet Explorer
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8491
 
Oval ID: oval:org.mitre.oval:def:8491
Title: Uninitialized Memory Corruption Vulnerability (CVE-2010-0245)
Description: Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3671, CVE-2009-3674, and CVE-2010-0246.
Family: windows Class: vulnerability
Reference(s): CVE-2010-0245
Version: 10
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
Product(s): Microsoft Internet Explorer
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8506
 
Oval ID: oval:org.mitre.oval:def:8506
Title: Uninitialized Memory Corruption Vulnerability (CVE-2010-0247)
Description: Microsoft Internet Explorer 5.01 SP4, 6, and 6 SP1 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2010-0247
Version: 1
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Product(s): Microsoft Internet Explorer
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 30
Os 1
Os 1
Os 6
Os 4
Os 3

SAINT Exploits

Description Link
Internet Explorer Eventparam use-after-free vulnerability More info here

ExploitDB Exploits

id Description
2012-03-22 MS10-002 Internet Explorer Object Memory Use-After-Free
2010-07-12 Internet Explorer "Aurora" Memory Corruption
2010-01-17 Internet Explorer Aurora Exploit

OpenVAS Exploits

Date Description
2010-02-10 Name : Microsoft Windows Shell Handler Could Allow Remote Code Execution Vulnerabili...
File : nvt/secpod_ms10-007.nasl
2010-01-22 Name : Microsoft Internet Explorer Multiple Vulnerabilities (978207)
File : nvt/secpod_ms10-002.nasl
2010-01-20 Name : Microsoft Internet Explorer Remote Code Execution Vulnerability (979352)
File : nvt/gb_ms_ie_dep_remote_code_exec_vuln.nasl
2009-11-30 Name : Microsoft Internet Explorer 'XSS Filter' XSS Vulnerabilities - Nov09
File : nvt/secpod_ms_ie_xss_filter_xss_vuln_nov09.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
62245 Microsoft Windows Shell Handler ShellExecute API Crafted URL Arbitrary Comman...

61914 Microsoft IE Javascript Cloned DOM Object Handling Memory Corruption

61913 Microsoft IE HTML Object Handling Unspecified Memory Corruption

61912 Microsoft IE Baseline Tag Rendering Memory Corruption

61911 Microsoft IE Table Layout Reuse Memory Corruption

61910 Microsoft IE Table Layout Col Tag Cache Update Handling Memory Corruption

61909 Microsoft IE Unspecified Crafted URL Handling Arbitrary Code Execution

61697 Microsoft IE mshtml.dll Use-After-Free Arbitrary Code Execution (Aurora)

Internet Explorer contains a flaw that may allow a context-dependent attacker to execute arbitrary code. The issue is triggered when a specially crafted website causes mshtml.dll to access memory that has been freed, allowing code execution.
60660 Microsoft IE Response-Changing Mechanism Output Encoding XSS

Information Assurance Vulnerability Management (IAVM)

Date Description
2010-02-18 IAVM : 2010-A-0029 - Microsoft Windows Shell Handler Remote Code Execution Vulnerability
Severity : Category II - VMSKEY : V0022683

Snort® IPS/IDS

Date Description
2017-10-03 Microsoft Windows Shell Handler remote code execution attempt
RuleID : 44218 - Revision : 1 - Type : OS-WINDOWS
2017-10-03 Microsoft Windows Shell Handler remote code execution attempt
RuleID : 44217 - Revision : 1 - Type : OS-WINDOWS
2017-10-03 Microsoft Windows Shell Handler remote code execution attempt
RuleID : 44216 - Revision : 1 - Type : OS-WINDOWS
2017-09-06 Microsoft Internet Explorer CTableLayout memory corruption attempt
RuleID : 43831 - Revision : 3 - Type : BROWSER-IE
2017-09-06 Microsoft Internet Explorer CTableLayout memory corruption attempt
RuleID : 43830 - Revision : 3 - Type : BROWSER-IE
2016-04-05 Microsoft Internet Explorer invalid object access memory corruption attempt
RuleID : 37947 - Revision : 1 - Type : BROWSER-IE
2016-04-05 Microsoft Internet Explorer invalid object access memory corruption attempt
RuleID : 37946 - Revision : 1 - Type : BROWSER-IE
2016-04-05 Microsoft Internet Explorer deleted object access memory corruption attempt
RuleID : 37945 - Revision : 1 - Type : BROWSER-IE
2016-04-05 Microsoft Internet Explorer invalid object access memory corruption attempt
RuleID : 37944 - Revision : 1 - Type : BROWSER-IE
2016-04-05 Microsoft Internet Explorer DOM mergeAttributes memory corruption attempt
RuleID : 37881 - Revision : 2 - Type : BROWSER-IE
2015-03-27 Microsoft Internet Explorer CTableLayout memory corruption attempt
RuleID : 33570 - Revision : 3 - Type : BROWSER-IE
2015-03-27 Microsoft Internet Explorer CTableLayout memory corruption attempt
RuleID : 33569 - Revision : 3 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer CTableLayout memory corruption attempt
RuleID : 28353 - Revision : 7 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer CTableLayout memory corruption attempt
RuleID : 28352 - Revision : 7 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer deleted object cells reference memory corruption ...
RuleID : 28287 - Revision : 5 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer DOM mergeAttributes memory corruption attempt
RuleID : 24872 - Revision : 8 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer DOM mergeAttributes memory corruption attempt
RuleID : 24871 - Revision : 8 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer DOM mergeAttributes memory corruption attempt
RuleID : 24870 - Revision : 6 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer DOM mergeAttributes memory corruption attempt
RuleID : 24869 - Revision : 6 - Type : BROWSER-IE
2014-01-10 Phoenix exploit kit post-compromise behavior
RuleID : 21860 - Revision : 5 - Type : MALWARE-CNC
2014-01-10 Phoenix exploit kit landing page
RuleID : 21640 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10 Microsoft Internet Explorer invalid object access memory corruption attempt
RuleID : 19937 - Revision : 12 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer CTableLayout memory corruption attempt
RuleID : 18951 - Revision : 12 - Type : BROWSER-IE
2014-01-10 Microsoft Windows Shell Handler remote code execution attempt
RuleID : 16414 - Revision : 14 - Type : OS-WINDOWS
2014-01-10 Microsoft Internet Explorer deleted object cells reference memory corruption ...
RuleID : 16378 - Revision : 14 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer DOM mergeAttributes memory corruption attempt
RuleID : 16377 - Revision : 18 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer CTableLayout memory corruption attempt
RuleID : 16376 - Revision : 13 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer deleted object access memory corruption attempt
RuleID : 16369 - Revision : 14 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer invalid object access memory corruption attempt
RuleID : 16367 - Revision : 17 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer 8 DOM memory corruption attempt
RuleID : 16326 - Revision : 11 - Type : BROWSER-IE

Metasploit Database

id Description
2010-01-21 MS10-002 Microsoft Internet Explorer Object Memory Use-After-Free
2010-01-14 MS10-002 Microsoft Internet Explorer "Aurora" Memory Corruption

Nessus® Vulnerability Scanner

Date Description
2010-02-09 Name : An API function on the remote host has a code execution vulnerability.
File : smb_nt_ms10-007.nasl - Type : ACT_GATHER_INFO
2009-01-21 Name : Arbitrary code can be executed on the remote host through a web browser.
File : smb_nt_ms10-002.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
2
3
Date Informations
2020-05-23 13:17:13
  • Multiple Updates
2015-03-27 21:26:28
  • Multiple Updates
2014-02-17 11:46:26
  • Multiple Updates
2014-01-19 21:30:25
  • Multiple Updates