<< Back
CVE Number Vulnerability Product Severity Date
MS10-002 Cumulative Security Update for Internet Explorer (978207) Internet Explorer Critical 16-01-2010

Technical Information

Brief overview of the risk:
The vulnerability exists as an invalid pointer reference within Internet Explorer. It is possible under certain conditions for the invalid pointer to be accessed after an object is deleted. In a specially-crafted attack, in attempting to access a freed object, Internet Explorer can be caused to allow remote code execution.
Detailed Information on the risk:

In a Web-based attack scenario, an attacker could host a Web site that contains a Web page that is used to exploit this vulnerability. In addition, compromised Web sites and Web sites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these Web sites. Instead, an attacker would have to convince users to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes users to the attackerÆs Web site.
 
An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.


Further information on this exploit is available at : 979352

Affected Software

Internet Explorer 6 for Windows XP Professional x64 Edition Service Pack 2
Internet Explorer 6 for Windows XP Service Pack 2
Internet Explorer 6 for Windows XP Service Pack 3
Microsoft Internet Explorer 6 (Microsoft Windows Server 2003 Service Pack 2)
Microsoft Internet Explorer 6 (Microsoft Windows Server 2003 with SP2 for Itanium-based Systems)
Microsoft Internet Explorer 6 (Microsoft Windows Server 2003 x64 Edition Service Pack 2)
Microsoft Internet Explorer 6 Service Pack 1 (Microsoft Windows 2000 Service Pack 4)
Microsoft Internet Explorer 7 (Microsoft Windows Server 2003 Service Pack 2)
Microsoft Internet Explorer 7 (Microsoft Windows Server 2003 with SP2 for Itanium-based Systems)
Microsoft Internet Explorer 7 (Microsoft Windows Server 2003 x64 Edition Service Pack 2)
Microsoft Internet Explorer 7 (Microsoft Windows Vista)
Microsoft Internet Explorer 7 (Microsoft Windows XP Professional x64 Edition Service Pack 2)
Microsoft Internet Explorer 7 (Microsoft Windows XP Service Pack 2)
Microsoft Internet Explorer 7 (Windows Server 2003 Service Pack 2)
Microsoft Internet Explorer 7 (Windows Server 2008 for 32-bit Systems Service Pack 2)
Microsoft Internet Explorer 7 (Windows Server 2008 for 32-bit Systems)
Microsoft Internet Explorer 7 (Windows Server 2008 for Itanium-based Systems Service Pack 2)
Microsoft Internet Explorer 7 (Windows Server 2008 for Itanium-based Systems)
Microsoft Internet Explorer 7 (Windows Server 2008 for x64-based Systems Service Pack 2)
Microsoft Internet Explorer 7 (Windows Server 2008 for x64-based Systems)
Microsoft Internet Explorer 7 (Windows Vista Service Pack 1)
Microsoft Internet Explorer 7 (Windows Vista Service Pack 2)
Microsoft Internet Explorer 7 (Windows Vista x64 Edition Service Pack 1)
Microsoft Internet Explorer 7 (Windows Vista x64 Edition Service Pack 2)
Microsoft Internet Explorer 7 (Windows Vista x64 Edition)
Microsoft Internet Explorer 8 (Windows 7 for 32-bit Systems)
Microsoft Internet Explorer 8 (Windows 7 for x64-based Systems)
Microsoft Internet Explorer 8 (Windows Server 2003 Service Pack 2)
Microsoft Internet Explorer 8 (Windows Server 2003 x64 Edition Service Pack 2)
Microsoft Internet Explorer 8 (Windows Server 2008 for 32-bit Systems Service Pack 2)
Microsoft Internet Explorer 8 (Windows Server 2008 for 32-bit Systems)
Microsoft Internet Explorer 8 (Windows Server 2008 for x64-based Systems Service Pack 2)
Microsoft Internet Explorer 8 (Windows Server 2008 for x64-based Systems)
Microsoft Internet Explorer 8 (Windows Server 2008 R2 for Itanium-based Systems)
Microsoft Internet Explorer 8 (Windows Server 2008 R2 for x64-based Systems)
Microsoft Internet Explorer 8 (Windows Vista Service Pack 1)
Microsoft Internet Explorer 8 (Windows Vista Service Pack 2)
Microsoft Internet Explorer 8 (Windows Vista x64 Edition Service Pack 1)
Microsoft Internet Explorer 8 (Windows Vista x64 Edition Service Pack 2)
Microsoft Internet Explorer 8 (Windows Vista x64 Edition)
Microsoft Internet Explorer 8 (Windows Vista)
Microsoft Windows 2000 Service Pack 4
Windows 7 for 32-bit Systems
Windows 7 for x64-based Systems
Windows Server 2003 Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for Itanium-based Systems
Windows Server 2008 for Itanium-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 R2 for Itanium-based Systems
Windows Server 2008 R2 for x64-based Systems
Windows Vista
Windows Vista Service Pack 1
Windows Vista Service Pack 2
Windows XP Professional x64 Edition Service Pack 2
Windows XP Service Pack 2
Windows XP Service Pack 3