Computer Security
[EN] securityvulns.ru no-pyccku


Microsoft Internet Explorer multiple security vulnerabilities
Published:11.08.2010
Source:
SecurityVulns ID:11052
Type:remote
Threat Level:
9/10
Description:Multiple memory corruptions, crossite access.
Affected:MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
CVE:CVE-2010-2560 (Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Layout Memory Corruption Vulnerability.")
 CVE-2010-2559 (Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3671, CVE-2009-3674, CVE-2010-0245, and CVE-2010-0246.)
 CVE-2010-2558 (Race condition in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to an object in memory, aka "Race Condition Memory Corruption Vulnerability.")
 CVE-2010-2557 (Microsoft Internet Explorer 6 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability.")
 CVE-2010-2556 (Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability.")
 CVE-2010-1258 (Microsoft Internet Explorer 6, 7, and 8 does not properly determine the origin of script code, which allows remote attackers to execute script in an unintended domain or security zone, and obtain sensitive information, via unspecified vectors, aka "Event Handler Cross-Domain Vulnerability.")
Original documentdocumentVUPEN Security Research, VUPEN Security Research - Microsoft Internet Explorer Table Element Use-after-free Vulnerability (CVE-2010-2560) (11.08.2010)
 documentVUPEN Security Research, VUPEN Security Research - Microsoft Internet Explorer "CIframeElement" Object Use-after-free Vulnerability (CVE-2010-2558) (11.08.2010)
 documentVUPEN Security Research, VUPEN Security Research - Microsoft Internet Explorer "OnPropertyChange_Src()" Use-after-free Vulnerability (CVE-2010-2556) (11.08.2010)
 documentVUPEN Security Research, VUPEN Security Research - Microsoft Internet Explorer "boundElements" Property Use-after-free Vulnerability (CVE-2010-2557) (11.08.2010)
 documentMICROSOFT, Microsoft Security Bulletin MS10-053 - Critical Cumulative Security Update for Internet Explorer (2183461) (11.08.2010)
Files:Microsoft Security Bulletin MS10-053 - Critical Cumulative Security Update for Internet Explorer (2183461)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod