CVE-2010-0249

Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 on Windows 2000 SP4; Windows XP SP2 and SP3; Windows Server 2003...

Basic Information

CVE State
PUBLISHED
Reserved Date
January 07, 2010
Published Date
January 15, 2010
Last Updated
August 07, 2024
Vendor
Microsoft
Product
Internet Explorer
Description
Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 on Windows 2000 SP4; Windows XP SP2 and SP3; Windows Server 2003 SP2; Windows Vista Gold, SP1, and SP2; Windows Server 2008 Gold, SP2, and R2; and Windows 7 allows remote attackers to execute arbitrary code by accessing a pointer associated with a deleted object, related to incorrectly initialized memory and improper handling of objects in memory, as exploited in the wild in December 2009 and January 2010 during Operation Aurora, aka "HTML Object Memory Corruption Vulnerability."
Tags
windows metasploit_scanner

CVSS Scores

CVSS v3.1

8.8 - HIGH

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2.0

9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploit Status

Exploited in the Wild
Yes (2010-01-15 17:00:00 UTC) Source

Known Exploited Vulnerability Information

Source Added Date
CVE 2010-01-15 17:00:00 UTC

Scanner Integrations

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

ms10_002_aurora

Type: metasploit • Created: Unknown

Metasploit module for CVE-2010-0249

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel

  • Detected by Metasploit