Executive Summary
Summary | |
---|---|
Title | Cumulative Security Update for Internet Explorer (2183461) |
Informations | |||
---|---|---|---|
Name | MS10-053 | First vendor Publication | 2010-08-10 |
Vendor | Microsoft | Last vendor Modification | 2010-08-10 |
Severity (Vendor) | Critical | Revision | 1.0 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Revision Note: V1.0 (August 10, 2010): Bulletin published.Summary: This security update resolves six privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. |
Original Source
Url : http://www.microsoft.com/technet/security/bulletin/MS10-053.mspx |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
33 % | CWE-787 | Out-of-bounds Write (CWE/SANS Top 25) |
33 % | CWE-362 | Race Condition |
33 % | CWE-200 | Information Exposure |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:11832 | |||
Oval ID: | oval:org.mitre.oval:def:11832 | ||
Title: | HTML Layout Memory Corruption Vulnerability | ||
Description: | Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Layout Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-2560 | Version: | 11 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 | Product(s): | Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11853 | |||
Oval ID: | oval:org.mitre.oval:def:11853 | ||
Title: | Race Condition Memory Corruption Vulnerability | ||
Description: | Race condition in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to an object in memory, aka "Race Condition Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-2558 | Version: | 11 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 | Product(s): | Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11954 | |||
Oval ID: | oval:org.mitre.oval:def:11954 | ||
Title: | Event Handler Cross-Domain Vulnerability | ||
Description: | Microsoft Internet Explorer 6, 7, and 8 does not properly determine the origin of script code, which allows remote attackers to execute script in an unintended domain or security zone, and obtain sensitive information, via unspecified vectors, aka "Event Handler Cross-Domain Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-1258 | Version: | 11 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 | Product(s): | Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11968 | |||
Oval ID: | oval:org.mitre.oval:def:11968 | ||
Title: | Uninitialized Memory Corruption Vulnerability | ||
Description: | Microsoft Internet Explorer 6 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-2557 | Version: | 3 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Microsoft Internet Explorer 6 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11984 | |||
Oval ID: | oval:org.mitre.oval:def:11984 | ||
Title: | Uninitialized Memory Corruption Vulnerability | ||
Description: | Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3671, CVE-2009-3674, CVE-2010-0245, and CVE-2010-0246. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-2559 | Version: | 9 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 | Product(s): | Microsoft Internet Explorer 8 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11994 | |||
Oval ID: | oval:org.mitre.oval:def:11994 | ||
Title: | Uninitialized Memory Corruption Vulnerability | ||
Description: | Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-2556 | Version: | 11 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 | Product(s): | Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 3 |
OpenVAS Exploits
Date | Description |
---|---|
2010-08-11 | Name : Microsoft Internet Explorer Multiple Vulnerabilities (2183461) File : nvt/secpod_ms10-053.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
67003 | Microsoft IE HTML Layout Table Element Handling Memory Corruption Microsoft IE contains a flaw that may allow a remote attacker to accesses an object that has not been correctly initialized or has been deleted. This may allow an attacker to exploited this flaw that could gain the same user rights as the logged-on user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. |
67002 | Microsoft IE Object Handling Unspecified Memory Corruption (2010-2559) Microsoft IE contains a flaw that may allow a remote attacker to accesses an object that has not been correctly initialized or has been deleted. This may allow an attacker to exploited this flaw that could gain the same user rights as the logged-on user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. |
67001 | Microsoft IE CIframeElement Object Handling Race Condition Memory Corruption Microsoft IE contains a flaw that may allow a remote attacker to accesses an object that may have been corrupted due to a race condition. This may allow an attacker to exploited this flaw that could gain the same user rights as the logged-on user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. |
67000 | Microsoft IE boundElements Property Handling Memory Corruption Microsoft IE contains a flaw that may allow a remote attacker to accesses an object that has not been correctly initialized or has been deleted. This may allow an attacker to exploited this flaw that could gain the same user rights as the logged-on user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. |
66999 | Microsoft IE OnPropertyChange_Src() Function Malformed HTML/JS Data Handling ... Microsoft IE contains a flaw that may allow a remote attacker to accesses an object that has not been correctly initialized or has been deleted. This may allow an attacker to successfully exploited this flaw and gain the same user rights as the logged-on user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system |
66998 | Microsoft IE Event Handler Unspecified Cross-domain Information Disclosure Microsoft IE contains a flaw that may allow script to gain access to a browser window in another domain or Internet Explorer zone. Â The issue could exploit the flaw by constructing a specially crafted Web page that could allow information disclosure if a user viewed the Web page and then interacts with the browser window using the mouse. |
Snort® IPS/IDS
Date | Description |
---|---|
2016-07-13 | Microsoft Internet Explorer use-after-free memory corruption attempt RuleID : 39175 - Revision : 2 - Type : BROWSER-IE |
2016-07-13 | Microsoft Internet Explorer iframe uninitialized memory corruption attempt RuleID : 39174 - Revision : 1 - Type : BROWSER-IE |
2016-04-05 | Microsoft Internet Explorer boundElements arbitrary code execution attempt RuleID : 37956 - Revision : 1 - Type : BROWSER-IE |
2016-04-05 | Microsoft Internet Explorer boundElements arbitrary code execution attempt RuleID : 37955 - Revision : 1 - Type : BROWSER-IE |
2016-04-05 | Microsoft Internet Explorer boundElements arbitrary code execution attempt RuleID : 37954 - Revision : 1 - Type : BROWSER-IE |
2016-04-05 | Microsoft Internet Explorer malformed table tag memory corruption attempt RuleID : 37936 - Revision : 1 - Type : BROWSER-IE |
2016-04-05 | Microsoft Internet Explorer malformed table tag memory corruption attempt RuleID : 37935 - Revision : 1 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer iframe uninitialized memory corruption attempt RuleID : 19181 - Revision : 14 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer malformed table tag memory corruption attempt RuleID : 19150 - Revision : 13 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer malformed table tag memory corruption attempt RuleID : 19149 - Revision : 13 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer 6 race condition exploit attempt RuleID : 17136 - Revision : 9 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer invalid object access attempt RuleID : 17132 - Revision : 18 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer 8 parent style rendering arbitrary code execution RuleID : 17131 - Revision : 21 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer boundElements arbitrary code execution attempt RuleID : 17130 - Revision : 14 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer use-after-free memory corruption attempt RuleID : 17129 - Revision : 24 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer cross domain information disclosure attempt RuleID : 17115 - Revision : 8 - Type : BROWSER-IE |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2010-08-11 | Name : Arbitrary code can be executed on the remote host through a web browser. File : smb_nt_ms10-053.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:46:38 |
|
2014-01-19 21:30:30 |
|