Информационная безопасность
[RU] switch to English


Многочисленные уязвимости безопасности в Microsoft Internet Explorer
Опубликовано:11 августа 2010 г.
Источник:
SecurityVulns ID:11052
Тип:удаленная
Уровень опасности:
9/10
Описание:Многочисленные повреждения памяти, межсайтовый доступ.
Затронутые продукты:MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
CVE:CVE-2010-2560 (Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Layout Memory Corruption Vulnerability.")
 CVE-2010-2559 (Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3671, CVE-2009-3674, CVE-2010-0245, and CVE-2010-0246.)
 CVE-2010-2558 (Race condition in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to an object in memory, aka "Race Condition Memory Corruption Vulnerability.")
 CVE-2010-2557 (Microsoft Internet Explorer 6 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability.")
 CVE-2010-2556 (Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability.")
 CVE-2010-1258 (Microsoft Internet Explorer 6, 7, and 8 does not properly determine the origin of script code, which allows remote attackers to execute script in an unintended domain or security zone, and obtain sensitive information, via unspecified vectors, aka "Event Handler Cross-Domain Vulnerability.")
Оригинальный текстdocumentVUPEN Security Research, VUPEN Security Research - Microsoft Internet Explorer Table Element Use-after-free Vulnerability (CVE-2010-2560) (11.08.2010)
 documentVUPEN Security Research, VUPEN Security Research - Microsoft Internet Explorer "CIframeElement" Object Use-after-free Vulnerability (CVE-2010-2558) (11.08.2010)
 documentVUPEN Security Research, VUPEN Security Research - Microsoft Internet Explorer "OnPropertyChange_Src()" Use-after-free Vulnerability (CVE-2010-2556) (11.08.2010)
 documentVUPEN Security Research, VUPEN Security Research - Microsoft Internet Explorer "boundElements" Property Use-after-free Vulnerability (CVE-2010-2557) (11.08.2010)
 documentMICROSOFT, Microsoft Security Bulletin MS10-053 - Critical Cumulative Security Update for Internet Explorer (2183461) (11.08.2010)
Файлы:Microsoft Security Bulletin MS10-053 - Critical Cumulative Security Update for Internet Explorer (2183461)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород