CVE-2010-0249
8.8 HIGHUse-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 on Windows 2000 SP4; Windows XP SP2 and SP3; Windows Serve...
Published: 2010-01-15 · Last updated: 2026-05-21
Severity and scoring
- CVSS
- 8.8 HIGH
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- CWE
- CWE-416
Affected products
| Vendor | Product |
|---|---|
| microsoft | internet_explorer |
Description
Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 on Windows 2000 SP4; Windows XP SP2 and SP3; Windows Server 2003 SP2; Windows Vista Gold, SP1, and SP2; Windows Server 2008 Gold, SP2, and R2; and Windows 7 allows remote attackers to execute arbitrary code by accessing a pointer associated with a deleted object, related to incorrectly initialized memory and improper handling of objects in memory, as exploited in the wild in December 2009 and January 2010 during Operation Aurora, aka "HTML Object Memory Corruption Vulnerability."
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2010-0249
- [Vendor advisory]http://blogs.technet.com/msrc/archive/2010/01/14/security-advisory-979352.aspx
- [Other]http://news.cnet.com/8301-27080_3-10435232-245.html
- [Other]http://osvdb.org/61697
- [Other]http://securitytracker.com/id?1023462
- [Patch]http://support.microsoft.com/kb/979352
- [Exploit reference]http://www.exploit-db.com/exploits/11167
- [Other]http://www.kb.cert.org/vuls/id/492515
- [Patch]http://www.microsoft.com/technet/security/advisory/979352.mspx
- [Exploit reference]http://www.securityfocus.com/bid/37815
- [Other]http://www.us-cert.gov/cas/techalerts/TA10-055A.html
- [Other]http://www.vupen.com/english/advisories/2010/0135
- [Patch]https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-002
- [Other]https://exchange.xforce.ibmcloud.com/vulnerabilities/55642
- [Other]https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6835
- [Vendor advisory]http://blogs.technet.com/msrc/archive/2010/01/14/security-advisory-979352.aspx
- [Other]http://news.cnet.com/8301-27080_3-10435232-245.html
- [Other]http://osvdb.org/61697
- [Other]http://securitytracker.com/id?1023462
- [Patch]http://support.microsoft.com/kb/979352
- [Exploit reference]http://www.exploit-db.com/exploits/11167
- [Other]http://www.kb.cert.org/vuls/id/492515
- [Patch]http://www.microsoft.com/technet/security/advisory/979352.mspx
- [Exploit reference]http://www.securityfocus.com/bid/37815
- [Other]http://www.us-cert.gov/cas/techalerts/TA10-055A.html
- [Other]http://www.vupen.com/english/advisories/2010/0135
- [Patch]https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-002
- [Other]https://exchange.xforce.ibmcloud.com/vulnerabilities/55642
- [Other]https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6835
- [Other]https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-0249
Related CVEs
Same vendor
- CVE-2026-50512 — Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privilege... (7.8 HIGH)
- CVE-2026-50511 — Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privilege... (7.8 HIGH)
- CVE-2026-50507 — Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack (6.8 MEDIUM)
- CVE-2026-49161 — Improper access control in Microsoft PC Manager allows an authorized attacker to bypass a security feature locally (7.8 HIGH)
- CVE-2026-49160 — Uncontrolled resource consumption in HTTP/2 allows an unauthorized attacker to deny service over a network (7.5 HIGH)
Same CWE
- CVE-2026-10640 — Zephyr's IPv6 Neighbor Discovery send paths (net_ipv6_send_na, net_ipv6_send_ns, net_ipv6_send_rs in subsys/net/ip/ipv6_nbr.c) updated th... (4.2 MEDIUM)
- CVE-2026-10639 — In Zephyr's native IPv4 stack, icmpv4_handle_echo_request() in subsys/net/ip/icmpv4.c builds an echo-reply packet (reply), hands it to ne... (4.8 MEDIUM)
- CVE-2026-10638 — subsys/net/ip/icmpv6.c reads the network interface from a net_pkt after that packet has been handed to net_try_send_data() (5.9 MEDIUM)
- CVE-2026-10637 — subsys/net/ip/ipv6_mld.c:mld_send() read the packet interface via net_pkt_iface(pkt) after net_send_data(pkt) returned successfully (5.9 MEDIUM)
- CVE-2026-10636 — In Zephyr's IPv4 IGMP implementation, igmp_send() in subsys/net/ip/igmp.c read the network interface back out of the packet via net_pkt_i... (3.7 LOW)