Microsoft IE Uninitialized Object Remote Code Execution Vulnerability
Date Discovered:
06/08/2010
Severity:
High
Operating Systems
Affected:
Microsoft Windows 2000
Service Pack 4
Windows XP SP 2
Windows XP SP 3
Windows XP Professional x64 Edition SP 2
Windows Server 2003 SP 2
Windows Server 2003 x64 Edition SP 2
Windows Server 2003 SP2 for Itanium-based Systems
Windows Vista SP 1
Windows Vista SP 2
Windows Vista x64 Edition SP 1
Windows Vista x64 Edition SP 2
Windows Server 2008 for 32-bit Systems
Windows Server 2008 for 32-bit Systems SP 2
Windows Server 2008 for x64-based Systems
Windows Server 2008 for x64-based Systems SP 2
Windows Server 2008 for Itanium-based Systems
Windows Server 2008 for Itanium-based Systems SP 2
Application
Affected:
Internet Explorer 5.01
Service Pack 4
Internet Explorer 6 Service Pack 1
Internet Explorer 6
Internet Explorer 7
Internet Explorer 8
Identifiers:
CVE-2010-1259
Synopsis
Microsoft
Internet explorer is prone to remote code execution vulnerability which
could be exploited by an attacker to execute arbitrary code on the
affected system.
A
remote code execution vulnerability exists in Microsoft Internet
Explorer due to improper accesses of an object that has not been
correctly initialized or has been deleted.
A remote attacker could exploit the vulnerability by tricking the user
to visit a specially crafted Web page that could allow arbitrary code
execution on the affected system. Successful exploitation of the
vulnerability could allow an attacker to install programs, view,
change, or delete data or create new accounts with full user rights.
