CVE-2010-0249
Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 on Windows 2000 SP4; Windows XP SP2 and SP3; Windows Server 2003...
Basic Information
- CVE State
- PUBLISHED
- Reserved Date
- January 07, 2010
- Published Date
- January 15, 2010
- Last Updated
- August 07, 2024
- Vendor
- Microsoft
- Product
- Internet Explorer
- Description
- Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 on Windows 2000 SP4; Windows XP SP2 and SP3; Windows Server 2003 SP2; Windows Vista Gold, SP1, and SP2; Windows Server 2008 Gold, SP2, and R2; and Windows 7 allows remote attackers to execute arbitrary code by accessing a pointer associated with a deleted object, related to incorrectly initialized memory and improper handling of objects in memory, as exploited in the wild in December 2009 and January 2010 during Operation Aurora, aka "HTML Object Memory Corruption Vulnerability."
- Tags
- Exploited in the Wild
- Yes (2010-01-15 17:00:00 UTC) Source
windows
metasploit_scanner
CVSS Scores
CVSS v3.1
8.8 - HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS v2.0
9.3
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Exploit Status
References
http://www.microsoft.com/technet/security/advisory/979352.mspx
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6835
http://osvdb.org/61697
http://www.securityfocus.com/bid/37815
http://www.kb.cert.org/vuls/id/492515
http://www.exploit-db.com/exploits/11167
http://support.microsoft.com/kb/979352
http://blogs.technet.com/msrc/archive/2010/01/14/security-advisory-979352.aspx
https://exchange.xforce.ibmcloud.com/vulnerabilities/55642
http://www.us-cert.gov/cas/techalerts/TA10-055A.html
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-002
http://news.cnet.com/8301-27080_3-10435232-245.html
http://securitytracker.com/id?1023462
http://www.vupen.com/english/advisories/2010/0135
Known Exploited Vulnerability Information
Source | Added Date |
---|---|
CVE | 2010-01-15 17:00:00 UTC |
Scanner Integrations
Scanner | URL | Date Detected |
---|---|---|
Metasploit | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/ms10_002_aurora.rb | 2025-04-29 11:01:32 UTC |
Potential Proof of Concepts
Warning: These PoCs have not been tested and could contain malware. Use at your own risk.
ms10_002_aurora
Type: metasploit • Created: Unknown
Metasploit module for CVE-2010-0249
Timeline
-
CVE ID Reserved
-
CVE Published to Public
-
Added to KEVIntel
-
Detected by Metasploit