
Test ID: 1.3.6.1.4.1.25623.1.0.901097
Category: Windows : Microsoft Bulletins
Title: Microsoft Internet Explorer Multiple Vulnerabilities (978207)
Summary: This host is missing a critical security update according to Microsoft Bulletin MS10-002.
Description:
Summary:
This host is missing a critical security update according to
Microsoft Bulletin MS10-002.

Vulnerability Insight:
Multiple flaws exist due to:

- Use-after-free error in the 'mshtml.dll' library

- Input validation error when processing URLs, which could allow a
malicious web site to execute a binary from the local client system

- Memory corruption error when the browser accesses certain objects,
which could be exploited by remote attackers to execute arbitrary code

- Browser disabling an HTML attribute in appropriately filtered response
data, which could be exploited to execute script in the context of the
logged-on user in a different Internet domain.

- Error when the browser attempts to access incorrectly initialized
memory which could be exploited by remote attackers to execute arbitrary
code.

Vulnerability Impact:
Successful exploitation will let the attacker execute arbitrary code via a
specially crafted HTML page in the context of the affected system and cause memory corruption.

Affected Software/OS:
Microsoft Internet Explorer version 5.x/6.x/7.x/8.x.

Solution:
The vendor has released updates. Please see the references for more information.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2009-4074
BugTraq ID: 37135
http://www.securityfocus.com/bid/37135
http://hackademix.net/2009/11/21/ies-xss-filter-creates-xss-vulnerabilities/
http://www.owasp.org/images/5/50/OWASP-Italy_Day_IV_Maone.pdf
http://www.theregister.co.uk/2009/11/20/internet_explorer_security_flaw/
Microsoft Security Bulletin: MS10-002
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-002
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7715
Common Vulnerability Exposure (CVE) ID: CVE-2010-0027
Bugtraq: 20100209 ZDI-10-016: Microsoft Windows ShellExecute Improper Sanitization Code Execution Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/509470/100/0/threaded
Cert/CC Advisory: TA10-040A
http://www.us-cert.gov/cas/techalerts/TA10-040A.html
http://www.zerodayinitiative.com/advisories/ZDI-10-016/
Microsoft Security Bulletin: MS10-007
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-007
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8464
XForce ISS Database: ie-url-code-execution(55773)
https://exchange.xforce.ibmcloud.com/vulnerabilities/55773
Common Vulnerability Exposure (CVE) ID: CVE-2010-0244
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8186
XForce ISS Database: ie-deleted-obj-code-exec(55774)
https://exchange.xforce.ibmcloud.com/vulnerabilities/55774
Common Vulnerability Exposure (CVE) ID: CVE-2010-0245
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8491
XForce ISS Database: ie-uninitialized-memory-code-exec(55775)
https://exchange.xforce.ibmcloud.com/vulnerabilities/55775
Common Vulnerability Exposure (CVE) ID: CVE-2010-0246
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8378
XForce ISS Database: ie-deleted-object-code-exec(55776)
https://exchange.xforce.ibmcloud.com/vulnerabilities/55776
Common Vulnerability Exposure (CVE) ID: CVE-2010-0247
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8506
XForce ISS Database: ie-uninitialized-obj-code-exec(55777)
https://exchange.xforce.ibmcloud.com/vulnerabilities/55777
Common Vulnerability Exposure (CVE) ID: CVE-2010-0248
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8267
XForce ISS Database: ie-object-memory-code-exec(55778)
https://exchange.xforce.ibmcloud.com/vulnerabilities/55778
Common Vulnerability Exposure (CVE) ID: CVE-2010-0249
BugTraq ID: 37815
http://www.securityfocus.com/bid/37815
Cert/CC Advisory: TA10-055A
http://www.us-cert.gov/cas/techalerts/TA10-055A.html
CERT/CC vulnerability note: VU#492515
http://www.kb.cert.org/vuls/id/492515
http://www.exploit-db.com/exploits/11167
http://news.cnet.com/8301-27080_3-10435232-245.html
Microsoft Knowledge Base article: 979352
http://support.microsoft.com/kb/979352
http://osvdb.org/61697
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6835
http://securitytracker.com/id?1023462
http://www.vupen.com/english/advisories/2010/0135
XForce ISS Database: ie-freed-object-code-execution(55642)
https://exchange.xforce.ibmcloud.com/vulnerabilities/55642
Copyright: Copyright (C) 2010 Greenbone AG





© 1998-2025 E-Soft Inc. All rights reserved.