CVE-2010-0249

HIGH

Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 on Windows 2000 SP4; Windows XP SP2 and SP3; Windows Server 2003 SP2; Windows Vista Gold, SP1, and SP2; Windows Server 2008 Gold, SP2, and R2; and Windows 7 allows remote attackers to execute arbitrary code by accessing a pointer associated with a deleted object, related to incorrectly initialized memory and improper handling of objects in memory, as exploited in the wild in December 2009 and January 2010 during Operation Aurora, aka "HTML Object Memory Corruption Vulnerability."

CVSS v3.1 Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Complexity

LOW

Privileges

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Published: 1/15/2010Modified: 5/21/2026

Related Intelligence (0)

No articles currently reference this CVE.

References (29)

http://blogs.technet.com/msrc/archive/2010/01/14/security-advisory-979352.aspxBroken LinkVendor Advisory http://news.cnet.com/8301-27080_3-10435232-245.htmlBroken Link http://osvdb.org/61697Broken Link http://securitytracker.com/id?1023462Broken LinkThird Party Advisory http://support.microsoft.com/kb/979352PatchVendor Advisory http://www.exploit-db.com/exploits/11167ExploitThird Party Advisory http://www.kb.cert.org/vuls/id/492515Third Party AdvisoryUS Government Resource http://www.microsoft.com/technet/security/advisory/979352.mspxBroken LinkPatch http://www.securityfocus.com/bid/37815Broken LinkExploit http://www.us-cert.gov/cas/techalerts/TA10-055A.htmlBroken LinkThird Party Advisory http://www.vupen.com/english/advisories/2010/0135Broken Link https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-002PatchVendor Advisory https://exchange.xforce.ibmcloud.com/vulnerabilities/55642Third Party AdvisoryVDB Entry https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6835Broken Link http://blogs.technet.com/msrc/archive/2010/01/14/security-advisory-979352.aspxBroken LinkVendor Advisory http://news.cnet.com/8301-27080_3-10435232-245.htmlBroken Link http://osvdb.org/61697Broken Link http://securitytracker.com/id?1023462Broken LinkThird Party Advisory http://support.microsoft.com/kb/979352PatchVendor Advisory http://www.exploit-db.com/exploits/11167ExploitThird Party Advisory http://www.kb.cert.org/vuls/id/492515Third Party AdvisoryUS Government Resource http://www.microsoft.com/technet/security/advisory/979352.mspxBroken LinkPatch http://www.securityfocus.com/bid/37815Broken LinkExploit http://www.us-cert.gov/cas/techalerts/TA10-055A.htmlBroken LinkThird Party Advisory http://www.vupen.com/english/advisories/2010/0135Broken Link https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-002PatchVendor Advisory https://exchange.xforce.ibmcloud.com/vulnerabilities/55642Third Party AdvisoryVDB Entry https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6835Broken Link https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-0249US Government Resource