Summary
This host is missing a critical security update according to Microsoft Bulletin MS10-071.
Impact
Successful exploitation could allow remote attackers to gain knowledge of sensitive information or execute arbitrary code.
Impact Level: System/Application
Solution
Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://www.microsoft.com/technet/security/Bulletin/MS10-071.mspx
Insight
- The browser allowing for automated, scripted instructions to simulate user actions on the AutoComplete feature, which could allow attackers to capture information previously entered into fields after the AutoComplete feature has been enabled.
- An error in the way the toStaticHTML API sanitizes HTML, which could allow cross-site scripting attacks.
- An error when processing CSS special characters, which could allow attackers to view content from another domain or Internet Explorer zone.
- An uninitialized memory corruption error when processing malformed data, which could allow attackers to execute arbitrary code via a malicious web page.
- The Anchor element not being removed from the editable HTML element during specific user operations, potentially revealing personally identifiable information intended for deletion.
- The browser allowing scripts to access and read content from different domains, which could allow cross-domain scripting attacks.
Affected
Microsoft Internet Explorer version 6.x/7.x/8.x
References
Severity
Classification
-
CVE CVE-2010-0808, CVE-2010-3243, CVE-2010-3324, CVE-2010-3325, CVE-2010-3326, CVE-2010-3327, CVE-2010-3328, CVE-2010-3329, CVE-2010-3330, CVE-2010-3331 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Bluetooth Stack Could Allow Remote Code Execution Vulnerability (951376)
- Microsoft Group Policy Remote Code Execution Vulnerability (3000483)
- Message Queuing Remote Code Execution Vulnerability (951071)
- Microsoft .NET Framework and Microsoft Silverlight Remote Code Execution Vulnerabilities (2651026)
- Microsoft Groove Remote Code Execution Vulnerability (2494047)