CVE-2010-0249

HIGH KEV

Microsoft Internet Explorer 6, 6 SP1, 7, and 8 - Use-After-Free via HTML Object Memory Corruption

Title source: llm

Exploitation Summary

CVE-2010-0249 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added May 20, 2026. EIP tracks 3 public exploits, credited to Metasploit, Ahmed Obied, unknown, and hdm, including the Metasploit module exploits/windows/browser/ms10_002_aurora.

AI-analyzed exploit summary: This is a Metasploit module exploiting CVE-2010-0249, a memory corruption vulnerability in Internet Explorer 6. It uses heap spraying and a malformed comment element to achieve remote code execution.

Description

Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 on Windows 2000 SP4; Windows XP SP2 and SP3; Windows Server 2003 SP2; Windows Vista Gold, SP1, and SP2; Windows Server 2008 Gold, SP2, and R2; and Windows 7 allows remote attackers to execute arbitrary code by accessing a pointer associated with a deleted object, related to incorrectly initialized memory and improper handling of objects in memory, as exploited in the wild in December 2009 and January 2010 during Operation Aurora, aka "HTML Object Memory Corruption Vulnerability."

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · windows
https://www.exploit-db.com/exploits/16599

This is a Metasploit module exploiting CVE-2010-0249, a memory corruption vulnerability in Internet Explorer 6. It uses heap spraying and a malformed comment element to achieve remote code execution.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Internet Explorer 6
No auth needed
Prerequisites: Victim must visit a malicious webpage using Internet Explorer 6
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by Ahmed Obied · python · remote · windows
https://www.exploit-db.com/exploits/11167

This exploit targets CVE-2010-0249, a vulnerability in Internet Explorer, by serving a malicious HTML page that triggers a use-after-free condition to execute arbitrary code. The payload spawns a calculator as a proof-of-concept.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Internet Explorer 6 on Windows XP SP2
No auth needed
Prerequisites: Victim must visit the malicious web server using a vulnerable version of Internet Explorer
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC NORMAL
by unknown, hdm · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/ms10_002_aurora.rb

This Metasploit module exploits a memory corruption vulnerability in Internet Explorer 6 (CVE-2010-0249) by leveraging a heap spray technique and a crafted HTML page with JavaScript to achieve remote code execution. The exploit was part of the 'Operation Aurora' attacks and is a direct port of the public sample published to Wepawet.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Microsoft Internet Explorer 6
No auth needed
Prerequisites: Victim must visit a malicious webpage using Internet Explorer 6
devstral-2 · analyzed Feb 19, 2026

References (15)

Core References
Broken Link, Patch, Vendor Advisory x_refsource_confirm
http://www.microsoft.com/technet/security/advisory/979352.mspx
Broken Link vdb-entry x_refsource_osvdb
http://osvdb.org/61697
Broken Link, Exploit, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/37815
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/492515
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/11167
Patch, Vendor Advisory vendor-advisory x_refsource_mskb
http://support.microsoft.com/kb/979352
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/55642
Broken Link, Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA10-055A.html
Patch, Vendor Advisory vendor-advisory x_refsource_ms
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-002
Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1023462
Broken Link vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/0135

Scores

CVSS v3 8.8
EPSS 0.8868
EPSS Percentile 99.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation active
Automatable no
Technical Impact total

Details

CISA KEV 2026-05-20
VulnCheck KEV 2010-01-15
InTheWild.io 2019-02-26
ENISA EUVD EUVD-2010-0280
CWE CWE-416
Status published
Products (4)
microsoft/internet_explorer 5.0.1 sp4
microsoft/internet_explorer 6 sp1 (2 CPE variants)
microsoft/internet_explorer 7.0
microsoft/internet_explorer 8
Published Jan 15, 2010
KEV Added May 20, 2026
Tracked Since Feb 18, 2026