CVE-2010-0027

critical Microsoft
CVSS v3 Base Score
9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS Score
50.1%
Exploitation probability in 30 days
Top 2% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
M
Confidentiality
C
Integrity
C
Availability
C
Published: January 22, 2010 (5956 days ago)
Last Modified: April 29, 2026
Vendor: Microsoft
Source: NVD

Description

The URL validation functionality in Microsoft Internet Explorer 5.01, 6, 6 SP1, 7 and 8, and the ShellExecute API function in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, does not properly process input parameters, which allows remote attackers to execute arbitrary local programs via a crafted URL, aka "URL Validation Vulnerability."

CWE

CWE-94

Affected Products

microsoft internet explorermicrosoft windows 7microsoft windows server 2003microsoft windows server 2008microsoft windows vistamicrosoft windows xpmicrosoft windows 2000microsoft windows 2003 server

References

🔗 www.securityfocus.com 🔗 www.us-cert.gov 🔗 www.zerodayinitiative.com 🔗 docs.microsoft.com 🔗 docs.microsoft.com