Summary
This host is missing a critical security update according to Microsoft Bulletin MS10-035.
Impact
Successful exploitation will let remote attackers to bypass security restrictions, gain knowledge of sensitive information or compromise a vulnerable system.
Impact Level: System/Application
Solution
Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://www.microsoft.com/technet/security/Bulletin/MS10-035.mspx
Insight
Multiple flaws are due to:
- An error in the way the browser handles content using specific strings when sanitizing HTML via the 'toStaticHTML' API.
- An uninitialized memory error when processing certain HTML data, which could be exploited by attackers to execute arbitrary code via a malicious web page.
- Caching data and incorrectly allowing the cached content to be rendered as HTML, which could allow attackers to bypass domain restrictions.
Affected
Microsoft Internet Explorer version 5.x/6.x/7.x/8.x
References
Severity
Classification
-
CVE CVE-2010-0255, CVE-2010-1257, CVE-2010-1259, CVE-2010-1260, CVE-2010-1261, CVE-2010-1262 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Microsoft Internet Explorer Data Stream Handling Remote Code Execution Vulnerability (947864)
- Microsoft .NET Framework Privilege Elevation Vulnerability (3005210)
- Microsoft Expression Design Remote Code Execution Vulnerability (2651018)
- Microsoft Forefront Protection For Exchange RCE Vulnerability (2927022)
- Cumulative Security Update for Internet Explorer (958215)