MS10-090 MS10-090 - Critical: Cumulative Security Update for Internet Explorer (2416400)
Critical2010-12-14 Bulletin Severity Rating:Critical - This security update resolves four privately reported vulnerabilities and three publicly disclosed vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Bulletin details at Microsoft.com
Bulletin details at Microsoft.com
Related CVE Entries
Microsoft Internet Explorer 6 and 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerability."
Max CVSS
9.3
EPSS Score
94.68%
Published
2010-12-16
Updated
2023-12-07
Microsoft Internet Explorer 6, 7, and 8 does not prevent rendering of cached content as HTML, which allows remote attackers to access content from a different (1) domain or (2) zone via unspecified script code, aka "Cross-Domain Information Disclosure Vulnerability," a different vulnerability than CVE-2010-3348.
Max CVSS
4.3
EPSS Score
0.96%
Published
2010-12-16
Updated
2022-02-28
Microsoft Internet Explorer 6 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerability."
Max CVSS
9.3
EPSS Score
84.97%
Published
2010-12-16
Updated
2022-02-28
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Element Memory Corruption Vulnerability."
Max CVSS
9.3
EPSS Score
95.59%
Published
2010-12-16
Updated
2022-02-28
Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Element Memory Corruption Vulnerability."
Max CVSS
9.3
EPSS Score
95.59%
Published
2010-12-16
Updated
2022-02-28
Microsoft Internet Explorer 6, 7, and 8 does not prevent rendering of cached content as HTML, which allows remote attackers to access content from a different (1) domain or (2) zone via unspecified script code, aka "Cross-Domain Information Disclosure Vulnerability," a different vulnerability than CVE-2010-3342.
Max CVSS
4.3
EPSS Score
0.96%
Published
2010-12-16
Updated
2022-02-28
CVE-2010-3962
Public exploit
Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an "invalid flag reference" issue or "Uninitialized Memory Corruption Vulnerability," as exploited in the wild in November 2010.
Max CVSS
9.3
EPSS Score
96.97%
Published
2010-11-05
Updated
2022-02-28