CVE-2010-0492

high-risk
Published 2010-03-31

Use-after-free vulnerability in mstime.dll in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via vectors related to the TIME2 behavior, the CTimeAction object, and destruction of markup, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerability."

Do I need to act?

!
62.8% chance of exploitation in next 30 days
EPSS score — higher than 37% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.1/10 High
NETWORK / HIGH complexity

Affected Products (19)

Affected Vendors

Microsoft

References (18)

http://securitytracker.com/id?1023773
http://www.securityfocus.com/archive/1/510506/100/0/threaded
Patch http://www.securityfocus.com/bid/39030
US Government Resource http://www.us-cert.gov/cas/techalerts/TA10-068A.html
US Government Resource http://www.us-cert.gov/cas/techalerts/TA10-089A.html
Patch http://www.vupen.com/english/advisories/2010/0744
http://www.zerodayinitiative.com/advisories/ZDI-10-033
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-01...
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3...
http://securitytracker.com/id?1023773
http://www.securityfocus.com/archive/1/510506/100/0/threaded
Patch http://www.securityfocus.com/bid/39030
US Government Resource http://www.us-cert.gov/cas/techalerts/TA10-068A.html
US Government Resource http://www.us-cert.gov/cas/techalerts/TA10-089A.html
Patch http://www.vupen.com/english/advisories/2010/0744
http://www.zerodayinitiative.com/advisories/ZDI-10-033
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-01...
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3...
62
/ 100
high-risk
Severity 24/34 · High
Exploitability 19/34 · Moderate
Exposure 19/34 · Moderate