What is the severity of CVE-2010-0249?

CVE-2010-0249 has a CVSS v3 score of 8.8, which is classified as High severity.

Is there an exploit available for CVE-2010-0249?

Yes, there are known exploits available for CVE-2010-0249. Immediate patching is recommended.

Is there a patch available for CVE-2010-0249?

Yes, patches are available for CVE-2010-0249. Check the vendor advisories for update instructions.

CVE-2010-0249 - CVE Details, Severity, and Analysis

CVE-2010-0249 - CVE Details, Severity, and Analysis | Strobes VI

Severity Scores

CVSS v38.8

CVSS v29.3

Priority Score970.0

EPSS Score91.0

High

Exploitation LikelihoodCritical

91.00%EPSS

Very high probability of exploitation in the next 30 days

Immediate patching required

91.00%

EPSS

8.8

CVSS

Yes

Exploit

Yes

Patch

Critical Priority

high EPSS • exploit exists • high priority

EPSS predicts the probability of exploitation in the next 30 days based on real-world threat data, complementing CVSS severity scores with actual risk assessment.

Description

Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 on Windows 2000 SP4; Windows XP SP2 and SP3; Windows Server 2003 SP2; Windows Vista Gold, SP1, and SP2; Windows Server 2008 Gold, SP2, and R2; and Windows 7 allows remote attackers to execute arbitrary code by accessing a pointer associated with a deleted object, related to incorrectly initialized memory and improper handling of objects in memory, as exploited in the wild in December 2009 and January 2010 during Operation Aurora, aka "HTML Object Memory Corruption Vulnerability."

CVSS v3 Breakdown

Attack Vector:Network

Attack Complexity:Local

Privileges Required:Network

User Interaction:Required

Scope:Unchanged

Confidentiality:High

Integrity:High

Availability:High

Exploit References

Exploit-DB Exploit-db.com [email protected]

Patch References

[email protected][email protected][email protected]

Trend Analysis

Neutral

Vulnerable Products

Vendor	Product
Microsoft	Windows Server 2008
Microsoft