QwikSec

Security Database

CVE

CWE

Training

CVE-2010-0249

Published: Jan 15, 2010

Modified: May 21, 2026

PUBLISHED

Description

Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 on Windows 2000 SP4; Windows XP SP2 and SP3; Windows Server 2003 SP2; Windows Vista Gold, SP1, and SP2; Windows Server 2008 Gold, SP2, and R2; and Windows 7 allows remote attackers to execute arbitrary code by accessing a pointer associated with a deleted object, related to incorrectly initialized memory and improper handling of objects in memory, as exploited in the wild in December 2009 and January 2010 during Operation Aurora, aka "HTML Object Memory Corruption Vulnerability."

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://www.microsoft.com/technet/security/advisory/979352.mspx

x_refsource_CONFIRM

oval:org.mitre.oval:def:6835

vdb-entry

signature

x_refsource_OVAL

vdb-entry

x_refsource_OSVDB

vdb-entry

x_refsource_BID

third-party-advisory

x_refsource_CERT-VN

exploit

x_refsource_EXPLOIT-DB

vendor-advisory

x_refsource_MSKB

http://blogs.technet.com/msrc/archive/2010/01/14/security-advisory-979352.aspx

x_refsource_CONFIRM

ie-freed-object-code-execution(55642)

vdb-entry

x_refsource_XF

third-party-advisory

x_refsource_CERT

vendor-advisory

x_refsource_MS

http://news.cnet.com/8301-27080_3-10435232-245.html

x_refsource_MISC

vdb-entry

x_refsource_SECTRACK

vdb-entry

x_refsource_VUPEN

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.