CVE-2010-0492

high Microsoft
CVSS v3 Base Score
8.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
62.8%
Exploitation probability in 30 days
Top 2% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Confidentiality
High
Integrity
High
Availability
High
Published: March 31, 2010 (5888 days ago)
Last Modified: April 29, 2026
Vendor: Microsoft
Source: NVD

Description

Use-after-free vulnerability in mstime.dll in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via vectors related to the TIME2 behavior, the CTimeAction object, and destruction of markup, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerability."

CWE

CWE-94

Affected Products

microsoft internet explorermicrosoft windows 2003 servermicrosoft windows 7microsoft windows server 2003microsoft windows server 2008microsoft windows vistamicrosoft windows xp

References

🔗 securitytracker.com 🔗 www.securityfocus.com 🔗 www.securityfocus.com 🔗 www.us-cert.gov 🔗 www.us-cert.gov