CVE-2010-0248

HIGH

Microsoft Internet Explorer - Code Injection

Description

Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerability."

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby, remote, windows
https://www.exploit-db.com/exploits/18642

metasploit WORKING POC NORMAL
by Peter Vreugdenhil, juan vazquez, sinn3r · ruby, poc, win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/ms10_002_ie_object.rb

Scores

CVSS v3 8.1
EPSS 0.7838
EPSS Percentile 99.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE CWE-94, CWE-416
Status published
Products (26)
microsoft/internet_explorer 8
microsoft/internet_explorer 8.0.6001
microsoft/internet_explorer 7
microsoft/internet_explorer 7.0
microsoft/internet_explorer 7.0.5730 unknown
microsoft/internet_explorer 7.0.5730.11
microsoft/internet_explorer 7.00.5730.1100
microsoft/internet_explorer 7.00.6000.16386
microsoft/internet_explorer 7.00.6000.16441
microsoft/internet_explorer 6 sp1 (2 CPE variants)
... and 16 more
Published Jan 22, 2010
Tracked Since Feb 18, 2026