4.3 - CVE-2010-0494

Executive Summary

Informations
Name	CVE-2010-0494	First vendor Publication	2010-03-31
Vendor	Cve	Last vendor Modification	2023-12-07

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Cvss Base Score	4.3	Attack Range	Network
Cvss Impact Score	2.9	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Cross-domain vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 allows user-assisted remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted HTML document in a situation where the client user drags one browser window across another browser window, aka "HTML Element Cross-Domain Vulnerability."

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0494

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-200	Information Exposure

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:8553

Oval ID:	oval:org.mitre.oval:def:8553
Title:	HTML Element Cross-Domain Vulnerability
Description:	Cross-domain vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 allows user-assisted remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted HTML document in a situation where the client user drags one browser window across another browser window, aka "HTML Element Cross-Domain Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2010-0494	Version:	12
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7	Product(s):	Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8
Definition Synopsis:
Internet Explorer 6 on Windows 2000 - RTMGDR Microsoft Windows 2000 is installed AND Microsoft Internet Explorer 6 is installed AND Mshtml.dll version is less than 6.0.2800.1646 OR Internet Explorer 6 on XP x86 Microsoft Windows XP (32-bit) is installed AND Microsoft Internet Explorer 6 is installed AND Mshtml.dll version is less than 6.0.2900.3676 OR Internet Explorer 6 on XP x86 Microsoft Windows XP (32-bit) is installed AND Microsoft Internet Explorer 6 is installed AND Mshtml.dll version is less than 6.0.2900.5945 OR Internet Explorer 6 on XP x64, Server 2003 x86/x64/ia64 XP x64/server 2003 x86/x64/ia64 Microsoft Windows XP x64 is installed AND Microsoft Windows Server 2003 (32-bit) is installed AND Microsoft Windows Server 2003 (x64) is installed AND Microsoft Windows Server 2003 (ia64) Gold is installed AND Microsoft Internet Explorer 6 is installed AND Mshtml.dll version is less than 6.0.3790.4672 OR Internet Explorer 7 on XP x86/x64 - GDR XP x86/x64 Microsoft Windows XP (32-bit) is installed AND Microsoft Windows XP x64 is installed AND Microsoft Internet Explorer 7 is installed AND Mshtml.dll version is greater than 7.0.6000.16000 AND Mshtml.dll version is less than 7.0.6000.17023 OR Internet Explorer 7 on XP x86/x64 - QFE XP x86/x64 Microsoft Windows XP (32-bit) is installed AND Microsoft Windows XP x64 is installed AND Microsoft Internet Explorer 7 is installed AND Mshtml.dll version is greater than 7.0.6000.20000 AND Mshtml.dll version is less than 7.0.6000.21228 OR Internet Explorer 7 on Server 2003 x86/x64/ia64 - GDR Server 2003 x86/x64/ia64 Microsoft Windows Server 2003 (32-bit) is installed AND Microsoft Windows Server 2003 (x64) is installed AND Microsoft Windows Server 2003 (ia64) Gold is installed AND Microsoft Internet Explorer 7 is installed AND Mshtml.dll version is greater than 7.0.6000.16000 AND Mshtml.dll version is less than 7.0.6000.17023 OR Internet Explorer 7 on Server 2003 x86/x64/ia64 - QFE Server 2003 x86/x64/ia64 Microsoft Windows Server 2003 (32-bit) is installed AND Microsoft Windows Server 2003 (x64) is installed AND Microsoft Windows Server 2003 (ia64) Gold is installed AND Microsoft Internet Explorer 7 is installed AND Mshtml.dll version is greater than 7.0.6000.20000 AND Mshtml.dll version is less than 7.0.6000.21228 OR Internet Explorer 7 on Vista x86/x64 - GDR Vista x86/x64 Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND Microsoft Internet Explorer 7 is installed AND Mshtml.dll version is greater than 7.0.6000.16000 AND Mshtml.dll version is less than 7.0.6000.17037 OR Internet Explorer 7 on Vista x86/x64 - LDR Vista x86/x64 Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND Microsoft Internet Explorer 7 is installed AND Mshtml.dll version is greater than 7.0.6000.20000 AND Mshtml.dll version is less than 7.0.6000.21242 OR Internet Explorer 7 on Vista x86/x64, Server 2008 x86/x64/ia64 - GDR Vista x86/x64, Server 2008 x86/x64/ia64 Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND Microsoft Windows Server 2008 (32-bit) is installed AND Microsoft Windows Server 2008 (64-bit) is installed AND Microsoft Windows Server 2008 (ia-64) is installed AND Microsoft Internet Explorer 7 is installed AND Mshtml.dll version is greater than 7.0.6001.16000 AND Mshtml.dll version is less than 7.0.6001.18444 OR Internet Explorer 7 on Vista x86/x64, Server 2008 x86/x64/ia64 - LDR Vista x86/x64, Server 2008 x86/x64/ia64 Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND Microsoft Windows Server 2008 (32-bit) is installed AND Microsoft Windows Server 2008 (64-bit) is installed AND Microsoft Windows Server 2008 (ia-64) is installed AND Microsoft Internet Explorer 7 is installed AND Mshtml.dll version is greater than 7.0.6001.20000 AND Mshtml.dll version is less than 7.0.6001.22653 OR Internet Explorer 7 on Vista x86/x64, Server 2008 x86/x64/ia64 - GDR Vista x86/x64, Server 2008 x86/x64/ia64 Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND Microsoft Windows Server 2008 (32-bit) is installed AND Microsoft Windows Server 2008 (64-bit) is installed AND Microsoft Windows Server 2008 (ia-64) is installed AND Microsoft Internet Explorer 7 is installed AND Mshtml.dll version is greater than 7.0.6002.18000 AND Mshtml.dll version is less than 7.0.6002.18226 OR Internet Explorer 7 on Vista x86/x64, Server 2008 x86/x64/ia64 - LDR Vista x86/x64, Server 2008 x86/x64/ia64 Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND Microsoft Windows Server 2008 (32-bit) is installed AND Microsoft Windows Server 2008 (64-bit) is installed AND Microsoft Windows Server 2008 (ia-64) is installed AND Microsoft Internet Explorer 7 is installed AND Mshtml.dll version is greater than 7.0.6002.22000 AND Mshtml.dll version is less than 7.0.6002.22360 OR Internet Explorer 8 on XP x86/x64, Server 2003 x86/x64 - GDR XP x86/x64, Server 2003 x86/x64 Microsoft Windows XP (32-bit) is installed AND Microsoft Windows XP x64 is installed AND Microsoft Windows Server 2003 (32-bit) is installed AND Microsoft Windows Server 2003 (x64) is installed AND Microsoft Internet Explorer 8 is installed AND Mshtml.dll version is greater than 8.0.6001.18000 AND Mshtml.dll version is less than 8.0.6001.18904 OR Internet Explorer 8 on XP x86/x64, Server 2003 x86/x64/ia64 - LDR XP x86/x64, Server 2003 x86/x64 Microsoft Windows XP (32-bit) is installed AND Microsoft Windows XP x64 is installed AND Microsoft Windows Server 2003 (32-bit) is installed AND Microsoft Windows Server 2003 (x64) is installed AND Microsoft Internet Explorer 8 is installed AND Mshtml.dll version is greater than 8.0.6001.22000 AND Mshtml.dll version is less than 8.0.6001.22995 OR Internet Explorer 8 on all Vista x86/x64, all Server 2008 x86/x64 - GDR Vista x86/x64, Server 2008 x86/x64 Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND Microsoft Windows Server 2008 (32-bit) is installed AND Microsoft Windows Server 2008 (64-bit) is installed AND Microsoft Internet Explorer 8 is installed AND Mshtml.dll version is greater than 8.0.6001.18000 AND Mshtml.dll version is less than 8.0.6001.18904 OR Internet Explorer 8 on all Vista x86/x64, all Server 2008 x86/x64 - LDR Vista x86/x64, all Server 2008 x86/x64 Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND Microsoft Windows Server 2008 (32-bit) is installed AND Microsoft Windows Server 2008 (64-bit) is installed AND Microsoft Internet Explorer 8 is installed AND Mshtml.dll version is greater than 8.0.6001.22000 AND Mshtml.dll version is less than 8.0.6001.22995 OR Internet Explorer 8 on Windows 7 x86/x64, Server 2008 R2 x64/ia64 - GDR 7 x86/x64, Server 2008 R2 x64/ia64 Microsoft Windows 7 (32-bit) is installed AND Microsoft Windows 7 x64 Edition is installed AND Microsoft Windows Server 2008 R2 x64 Edition is installed AND Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed AND Microsoft Internet Explorer 8 is installed AND Mshtml.dll version is greater than or equal 8.0.7600.16000 AND Mshtml.dll version is less than 8.0.7600.16535 OR Internet Explorer 8 on Windows 7 x86/x64, Server 2008 R2 x64/ia64 - LDR 7 x86/x64, Server 2008 R2 x64/ia64 Microsoft Windows 7 (32-bit) is installed AND Microsoft Windows 7 x64 Edition is installed AND Microsoft Windows Server 2008 R2 x64 Edition is installed AND Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed AND Microsoft Internet Explorer 8 is installed AND Mshtml.dll version is greater than or equal 8.0.7600.20000 AND Mshtml.dll version is less than 8.0.7600.20651

CPE : Common Platform Enumeration

Type	Description	Count
Application	Microsoft Internet Explorer cpe:2.3:a:microsoft:internet_explorer:8.0.6001:::::::* cpe:2.3:a:microsoft:internet_explorer:8:::::::* cpe:2.3:a:microsoft:internet_explorer:7:::::::* cpe:2.3:a:microsoft:internet_explorer:6:::::::* cpe:2.3:a:microsoft:internet_explorer:6:sp1::::::	5
Os	Microsoft Windows 2000 cpe:2.3:o:microsoft:windows_2000::sp4::::::*	1
Os	Microsoft Windows 2003 Server cpe:2.3:o:microsoft:windows_2003_server::sp2::::::* cpe:2.3:o:microsoft:windows_2003_server::sp2:itanium:::::	2
Os	Microsoft Windows 7 cpe:2.3:o:microsoft:windows_7:-:::::::*	1
Os	Microsoft Windows Server 2003 cpe:2.3:o:microsoft:windows_server_2003::sp2::::::*	1
Os	Microsoft Windows Server 2008 cpe:2.3:o:microsoft:windows_server_2008::r2:x64::::: cpe:2.3:o:microsoft:windows_server_2008::sp2:x32::::: cpe:2.3:o:microsoft:windows_server_2008:::x32:::::* cpe:2.3:o:microsoft:windows_server_2008::r2:itanium::::: cpe:2.3:o:microsoft:windows_server_2008::sp2:x64::::: cpe:2.3:o:microsoft:windows_server_2008:::itanium:::::* cpe:2.3:o:microsoft:windows_server_2008:::x64:::::* cpe:2.3:o:microsoft:windows_server_2008:-:sp2:itanium:::::* cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x64:::::*	9
Os	Microsoft Windows Vista cpe:2.3:o:microsoft:windows_vista:::x64:::::* cpe:2.3:o:microsoft:windows_vista:::::::: cpe:2.3:o:microsoft:windows_vista::sp1::::::* cpe:2.3:o:microsoft:windows_vista::sp2::::::* cpe:2.3:o:microsoft:windows_vista:-:sp2:::::: cpe:2.3:o:microsoft:windows_vista:-:sp1::::::	6
Os	Microsoft Windows Xp cpe:2.3:o:microsoft:windows_xp::sp2::::::* cpe:2.3:o:microsoft:windows_xp::sp3::::::* cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:::::*	3

ExploitDB Exploits

id	Description
2010-12-14	Internet Explorer DHTML Behaviors Use After Free
2010-04-30	Internet Explorer Tabular Data Control ActiveX Memory Corruption

OpenVAS Exploits

Date	Description
2010-04-01	Name : Microsoft Internet Explorer Multiple Vulnerabilities (980182) File : nvt/secpod_ms10-018.nasl
2010-03-10	Name : MS Internet Explorer Remote Code Execution Vulnerability (981374) File : nvt/gb_ms_ie_remote_code_exe_vuln_981374.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
63328	Microsoft IE HTML Element Handling Cross-Domain Information Disclosure

Snort® IPS/IDS

Date	Description
2014-11-16	Microsoft Internet Explorer outerHTML against incomplete element heap corrupt... RuleID : 31504 - Revision : 3 - Type : BROWSER-IE
2014-01-10	Microsoft Internet Explorer innerHTML against incomplete element heap corrupt... RuleID : 27222 - Revision : 4 - Type : BROWSER-IE
2014-01-10	Microsoft Internet Explorer userdata behavior memory corruption attempt RuleID : 25986 - Revision : 7 - Type : BROWSER-IE
2014-01-10	Microsoft Internet Explorer userdata behavior memory corruption attempt RuleID : 25985 - Revision : 9 - Type : BROWSER-IE
2014-01-10	Microsoft Internet Explorer userdata behavior memory corruption attempt RuleID : 25984 - Revision : 9 - Type : BROWSER-IE
2014-01-10	Microsoft Windows Tabular Control ActiveX overflow by CLSID / param tag RuleID : 19893 - Revision : 10 - Type : BROWSER-PLUGINS
2014-01-10	Microsoft Internet Explorer outerHTML against incomplete element heap corrupt... RuleID : 19147 - Revision : 12 - Type : BROWSER-IE
2014-01-10	Microsoft Internet Explorer invalid pointer memory corruption attempt RuleID : 18540 - Revision : 6 - Type : SPECIFIC-THREATS
2014-01-10	Microsoft Internet Explorer event handling remote code execution attempt RuleID : 18539 - Revision : 12 - Type : BROWSER-IE
2014-01-10	Microsoft Internet Explorer userdata behavior memory corruption attempt RuleID : 17688 - Revision : 13 - Type : BROWSER-IE
2014-01-10	Microsoft Internet Explorer invalid pointer memory corruption attempt RuleID : 17687 - Revision : 12 - Type : BROWSER-IE
2014-01-10	Microsoft Internet Explorer invalid pointer memory corruption attempt RuleID : 17686 - Revision : 12 - Type : BROWSER-IE
2014-01-10	Microsoft Internet Explorer invalid pointer memory corruption attempt RuleID : 17685 - Revision : 12 - Type : BROWSER-IE
2015-05-28	Microsoft Tabular Control ActiveX overflow by CLSID / param tag RuleID : 16559 - Revision : 5 - Type : WEB-ACTIVEX
2014-01-10	Microsoft Internet Explorer malformed span/div html document heap corruption ... RuleID : 16512 - Revision : 16 - Type : BROWSER-IE
2014-01-10	Microsoft Internet Explorer Tabular Control ActiveX overflow by ProgID RuleID : 16511 - Revision : 14 - Type : BROWSER-PLUGINS
2014-01-10	Microsoft Internet Explorer Tabular Control ActiveX overflow by CLSID RuleID : 16510 - Revision : 15 - Type : BROWSER-PLUGINS
2014-01-10	Microsoft Internet Explorer designMode-enabled information disclosure attempt RuleID : 16509 - Revision : 8 - Type : BROWSER-IE
2014-01-10	Microsoft Internet Explorer 8 non-IE8 compatibility mode htmltime remote code... RuleID : 16508 - Revision : 15 - Type : BROWSER-IE
2014-01-10	Microsoft Internet Explorer onreadystatechange memory corruption attempt RuleID : 16507 - Revision : 16 - Type : BROWSER-IE
2014-01-10	Microsoft Internet Explorer innerHTML against incomplete element heap corrupt... RuleID : 16506 - Revision : 20 - Type : BROWSER-IE
2014-01-10	Microsoft Internet Explorer HTML parsing memory corruption attempt RuleID : 16505 - Revision : 8 - Type : BROWSER-IE
2014-01-10	Microsoft Internet Explorer 7 encoded content handling exploit attempt RuleID : 16504 - Revision : 8 - Type : BROWSER-IE
2014-01-10	Microsoft Internet Explorer event handling remote code execution attempt RuleID : 16503 - Revision : 15 - Type : BROWSER-IE
2014-01-10	Microsoft Internet Explorer userdata behavior memory corruption attempt RuleID : 16482 - Revision : 15 - Type : BROWSER-IE

Nessus® Vulnerability Scanner

Date	Description
2010-03-30	Name : Arbitrary code can be executed on the remote host through a web browser. File : smb_nt_ms10-018.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source	Url
BID	http://www.securityfocus.com/bid/39047
CERT	http://www.us-cert.gov/cas/techalerts/TA10-068A.html http://www.us-cert.gov/cas/techalerts/TA10-089A.html
MS	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10...
OVAL	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
SECTRACK	http://securitytracker.com/id?1023773
VUPEN	http://www.vupen.com/english/advisories/2010/0744

Alert History

If you want to see full details history, please login or register.

Date	Informations
2023-12-07 21:28:04	Multiple Updates
2021-07-27 00:24:33	Multiple Updates
2021-07-24 01:44:10	Multiple Updates
2021-07-24 01:06:53	Multiple Updates
2021-07-23 21:25:00	Multiple Updates
2021-07-23 17:24:37	Multiple Updates
2020-05-23 00:25:15	Multiple Updates
2019-02-26 17:19:32	Multiple Updates
2018-10-31 00:20:02	Multiple Updates
2018-10-13 00:22:55	Multiple Updates
2017-09-19 09:23:38	Multiple Updates
2016-08-31 12:02:03	Multiple Updates
2016-08-05 12:02:24	Multiple Updates
2016-06-28 18:01:40	Multiple Updates
2016-04-26 19:34:16	Multiple Updates
2014-02-17 10:53:47	Multiple Updates
2014-01-19 21:26:38	Multiple Updates
2013-05-10 23:17:56	Multiple Updates

Global Informations

Type	Count
CWE ID(s)	1
Oval ID(s)	1
CPE ID(s)	28
Sources(s)	7
osvdb(s)	1
ExploitDB Exploit(s)	2
Openvas Exploit(s)	2
Snort® Rule(s)	25
Nessus® Exploit(s)	1

	Related
9.3	TA10-089A
9.3	TA10-068A
9.3	MS10-018
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 3 more Alert(s)