Executive Summary
Summary | |
---|---|
Title | Cumulative Security Update for Internet Explorer (2416400) |
Informations | |||
---|---|---|---|
Name | MS10-090 | First vendor Publication | 2010-12-14 |
Vendor | Microsoft | Last vendor Modification | 2011-01-04 |
Severity (Vendor) | Critical | Revision | 1.1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Revision Note: V1.1 (January 4, 2011): Added an update FAQ to announce a detection change that helps to ensure that previously released cumulative Internet Explorer updates are correctly offered in the order that they were released. This is a detection change only. There were no changes to the security update files.Summary: This security update resolves four privately reported vulnerabilities and three publicly disclosed vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. |
Original Source
Url : http://www.microsoft.com/technet/security/bulletin/MS10-090.mspx |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-200 | Information Exposure |
25 % | CWE-416 | Use After Free |
25 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:11447 | |||
Oval ID: | oval:org.mitre.oval:def:11447 | ||
Title: | Cross-Domain Information Disclosure Vulnerability | ||
Description: | Microsoft Internet Explorer 6, 7, and 8 does not prevent rendering of cached content as HTML, which allows remote attackers to access content from a different (1) domain or (2) zone via unspecified script code, aka "Cross-Domain Information Disclosure Vulnerability," a different vulnerability than CVE-2010-3348. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3342 | Version: | 10 |
Platform(s): | Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11574 | |||
Oval ID: | oval:org.mitre.oval:def:11574 | ||
Title: | DEPRECATED: Microsoft Internet Explorer CSS Tags Remote Code Execution Vulnerability | ||
Description: | Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an "invalid flag reference" issue or "Uninitialized Memory Corruption Vulnerability," as exploited in the wild in November 2010. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3962 | Version: | 6 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 | Product(s): | Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11849 | |||
Oval ID: | oval:org.mitre.oval:def:11849 | ||
Title: | HTML Element Memory Corruption Vulnerability | ||
Description: | Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Element Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3345 | Version: | 10 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 | Product(s): | Microsoft Internet Explorer 8 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12055 | |||
Oval ID: | oval:org.mitre.oval:def:12055 | ||
Title: | Cross-Domain Information Disclosure Vulnerability | ||
Description: | Microsoft Internet Explorer 6, 7, and 8 does not prevent rendering of cached content as HTML, which allows remote attackers to access content from a different (1) domain or (2) zone via unspecified script code, aka "Cross-Domain Information Disclosure Vulnerability," a different vulnerability than CVE-2010-3342. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3348 | Version: | 12 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 | Product(s): | Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12204 | |||
Oval ID: | oval:org.mitre.oval:def:12204 | ||
Title: | HTML Object Memory Corruption Vulnerability | ||
Description: | Microsoft Internet Explorer 6 and 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3340 | Version: | 8 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12279 | |||
Oval ID: | oval:org.mitre.oval:def:12279 | ||
Title: | Uninitialized Memory Corruption Vulnerability | ||
Description: | Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an "invalid flag reference" issue or "Uninitialized Memory Corruption Vulnerability," as exploited in the wild in November 2010. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3962 | Version: | 12 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 | Product(s): | Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12322 | |||
Oval ID: | oval:org.mitre.oval:def:12322 | ||
Title: | HTML Element Memory Corruption Vulnerability | ||
Description: | Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Element Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3346 | Version: | 12 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 | Product(s): | Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12372 | |||
Oval ID: | oval:org.mitre.oval:def:12372 | ||
Title: | HTML Object Memory Corruption Vulnerability | ||
Description: | Microsoft Internet Explorer 6 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3343 | Version: | 4 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | Microsoft Internet Explorer 6 |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 3 |
SAINT Exploits
Description | Link |
---|---|
Internet Explorer CSS clip attribute memory corruption | More info here |
Internet Explorer HTML+TIME element OuterText memory corruption | More info here |
ExploitDB Exploits
id | Description |
---|---|
2011-01-20 | Internet Explorer CSS SetUserClip Memory Corruption |
2010-11-04 | Internet Explorer 6, 7, 8 Memory Corruption 0day Exploit |
OpenVAS Exploits
Date | Description |
---|---|
2010-12-15 | Name : Microsoft Internet Explorer Multiple Vulnerabilities (2416400) File : nvt/secpod_ms10-090.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
69830 | Microsoft IE Cross-Domain Information Disclosure (2010-3348) Microsoft Internet Explorer contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when the program fails to prevent rendering of cached content as HTML occurs, allowing a context-dependent attacker to use a maliciously crafted web page to obtain potentially sensitive information from a different domain or zone via unspecificed script code. |
69829 | Microsoft IE HTML+Time Element outerText Memory Corruption A memory corruption flaw exists in Microsoft Internet Explorer. The Timed Interactive Multimedia Extensions component fails to sanitize user-supplied input when removing an element referenced by a tag used for implementing an animation, causing the application to access a previously freed element, resulting in memory corruption. With a specially crafted web-page, a context-dependent attacker can execute arbitrary code. |
69828 | Microsoft IE Recursive Select Element Remote Code Execution A memory corruption flaw exists in Microsoft Internet Explorer. The program fails to properly handle objects in memory, allowing an attacker to access an object that was not properly initialized or has been deleted, resulting in memory corruption. With a specially crafted web page, a context-dependent attacker can execute arbitrary code. |
69827 | Microsoft IE Animation HTML Object Memory Corruption (2010-3343) A memory corruption flaw exists in Microsoft Internet Explorer. The program fails to properly handle objects in memory, allowing an attacker to access an object that was not properly initialized or has been deleted, resulting in memory corruption. With a specially crafted web page, a context-dependent attacker can execute arbitrary code. |
69826 | Microsoft IE Cross-Domain Information Disclosure (2010-3342) Microsoft IE contains a flaw that may lead to an unauthorized information disclosure. Â The issue is triggered when the program does not prevent rendering of cached content as HTML occurs, which will disclose content from the local computer or browser window to a context-dependent attacker via a specially crafted website. |
69825 | Microsoft IE HTML Object Memory Corruption (2010-3340) A memory corruption flaw exists in Microsoft Internet Explorer. The program fails to properly handle objects in memory, resulting in memory corruption. With a specially crafted object that was not properly initialized or was deleted, a context-dependent attacker can execute arbitrary code. |
68987 | Microsoft IE mshtml CSS Tag Use-after-free Memory Corruption Microsoft IE contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to an invalid flag reference within Internet Explorer. It can allow remote code execution |
Snort® IPS/IDS
Date | Description |
---|---|
2015-01-20 | Microsoft Internet Explorer COleSite ActiveX memory corruption attempt RuleID : 32844 - Revision : 3 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Internet Explorer CSS style memory corruption attempt RuleID : 25329 - Revision : 8 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer CSS style memory corruption attempt RuleID : 19873 - Revision : 14 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer CSS style memory corruption attempt RuleID : 19084 - Revision : 10 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer malformed table remote code execution attempt RuleID : 18221 - Revision : 15 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer time element memory corruption attempt RuleID : 18218 - Revision : 16 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer select element memory corruption attempt RuleID : 18217 - Revision : 15 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer 6 #default#anim attempt RuleID : 18216 - Revision : 15 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer COleSite ActiveX memory corruption attempt RuleID : 18199 - Revision : 15 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Internet Explorer COleSite ActiveX memory corruption attempt RuleID : 18198 - Revision : 14 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Internet Explorer COleSite ActiveX memory corruption attempt RuleID : 18197 - Revision : 14 - Type : BROWSER-PLUGINS |
2014-01-10 | DNS request for known malware domain www.dd0415.net RuleID : 18185 - Revision : 11 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain dnf.gametime.co.kr RuleID : 18184 - Revision : 11 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain mailzou.com RuleID : 18183 - Revision : 4 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain dfgdd.9y6c.co.cc RuleID : 18166 - Revision : 4 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain e.mssm.com RuleID : 18165 - Revision : 10 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain www.yx240.com RuleID : 18164 - Revision : 11 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain www.yisaa.com RuleID : 18163 - Revision : 12 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain www.weilingcy.com RuleID : 18162 - Revision : 11 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain www.street08.com RuleID : 18161 - Revision : 11 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain www.stony-skunk.com RuleID : 18160 - Revision : 11 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain www.soanala.com RuleID : 18159 - Revision : 12 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain www.shzhaotian.cn RuleID : 18158 - Revision : 12 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain www.quyou365.com RuleID : 18157 - Revision : 12 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain www.pxflm.com RuleID : 18156 - Revision : 12 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain www.pplog.cn RuleID : 18155 - Revision : 12 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain www.nc57.com RuleID : 18154 - Revision : 12 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain www.maoyiren.com RuleID : 18153 - Revision : 5 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain www.mainhu.com RuleID : 18152 - Revision : 12 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain www.kingsoftduba2009.com RuleID : 18151 - Revision : 11 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain www.jxbaike.com RuleID : 18150 - Revision : 12 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain www.haosf08.com RuleID : 18149 - Revision : 12 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain www.haoleyou.com RuleID : 18148 - Revision : 12 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain www.gev.cn RuleID : 18147 - Revision : 12 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain www.gdfp365.cn RuleID : 18146 - Revision : 12 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain www.fp360.net RuleID : 18145 - Revision : 12 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain www.fp0769.com RuleID : 18144 - Revision : 12 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain www.fp0755.cn RuleID : 18143 - Revision : 12 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain www.eastadmin.com RuleID : 18142 - Revision : 12 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain www.dspenter.com RuleID : 18141 - Revision : 12 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain www.cqtjg.com RuleID : 18140 - Revision : 12 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain www.china-aoben.com RuleID : 18139 - Revision : 12 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain www.chateaulegend.com RuleID : 18138 - Revision : 12 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain www.9292cs.cn RuleID : 18137 - Revision : 11 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain www.66xihu.com RuleID : 18136 - Revision : 12 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain www.555hd.com RuleID : 18135 - Revision : 12 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain www.551sf.com RuleID : 18134 - Revision : 12 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain www.001zs.com RuleID : 18133 - Revision : 12 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain www.ybtour.co.kr RuleID : 18131 - Revision : 5 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain www.wwmei.com RuleID : 18130 - Revision : 12 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain www.w22rt.com RuleID : 18129 - Revision : 11 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain www.uwonderfull.com RuleID : 18128 - Revision : 11 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain www.univus.co.kr RuleID : 18127 - Revision : 12 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain www.tpydb.com RuleID : 18126 - Revision : 5 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain www.tpydb.com RuleID : 18125 - Revision : 12 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain www.sijianfeng.com RuleID : 18124 - Revision : 12 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain www.phoroshop.es RuleID : 18123 - Revision : 11 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain www.opusgame.com RuleID : 18122 - Revision : 12 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain www.linzhiling123.com RuleID : 18121 - Revision : 11 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain www.iwebdy.net RuleID : 18120 - Revision : 12 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain www.ilbondrama.net RuleID : 18119 - Revision : 12 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain www.hao1345.com RuleID : 18118 - Revision : 11 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain www.cineseoul.com RuleID : 18117 - Revision : 12 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain www.bnbsoft.co.kr RuleID : 18116 - Revision : 12 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain www.ajs2002.com RuleID : 18115 - Revision : 12 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain www.5fqq.com RuleID : 18114 - Revision : 12 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain wusheng03.3322.org RuleID : 18113 - Revision : 5 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain wenyixuan.3322.org. RuleID : 18112 - Revision : 5 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain v.9y9c.co.cc RuleID : 18111 - Revision : 5 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain tiantianzaixian.gotoip1.com RuleID : 18110 - Revision : 5 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain talk.cetizen.com RuleID : 18109 - Revision : 5 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain phoroshop.es RuleID : 18108 - Revision : 11 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain jsshmz.gotoip4.com RuleID : 18107 - Revision : 5 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain e.msssm.com RuleID : 18106 - Revision : 11 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain baidutaobao.gotoip55.com RuleID : 18105 - Revision : 5 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain b.9s3.info RuleID : 18104 - Revision : 11 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain 5yvod.net RuleID : 18103 - Revision : 11 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain wenyixuan.3322.org RuleID : 18081 - Revision : 5 - Type : BLACKLIST |
2015-05-28 | Microsoft Internet Explorer CSS style memory corruption attempt RuleID : 18062 - Revision : 7 - Type : WEB-CLIENT |
Metasploit Database
id | Description |
---|---|
2010-11-03 | MS10-090 Microsoft Internet Explorer CSS SetUserClip Memory Corruption |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2011-01-20 | Name : Arbitrary code can be executed on the remote host through a web browser. File : smb_kb2488013.nasl - Type : ACT_GATHER_INFO |
2010-12-15 | Name : Arbitrary code can be executed on the remote host through a web browser. File : smb_nt_ms10-090.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2020-05-23 13:17:13 |
|
2015-05-28 21:26:37 |
|
2015-01-20 21:25:02 |
|
2014-02-17 11:46:46 |
|
2014-01-19 21:30:33 |
|