Exposures › CVE-2010-0249
Microsoft Internet Explorer use-after-free vulnerability (CVE-2010-0249) allows remote code execution on EoL browsers.
This use-after-free flaw enables remote attackers to execute arbitrary code on Internet Explorer, a product Microsoft has marked as end-of-life and end-of-service. DIB organizations must ensure no legacy IE usage remains in their environments to avoid exploitation via compromised web content.
Shame score — While the vulnerability is actively exploited and linked to ransomware, the vendor has publicly disclosed it and marked the product as EoL, reducing the avoidability compared to negligent defaults.
Microsoft Internet Explorer contains an use-after-free vulnerability that could allow remote attackers to execute arbitrary code by accessing a pointer associated with a deleted object. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.
| Product | Provider | Status | Match |
|---|---|---|---|
| Azure Commercial Cloud | Microsoft | Authorized | vendor-exact · 0.90 |
| Azure Government (includes Dynamics 365) | Microsoft | Authorized | vendor-exact · 0.90 |
| Microsoft Office 365 GCC High | Microsoft | In Process | vendor-exact · 0.90 |
| Office 365 Multi-Tenant & Supporting Services | Microsoft | Authorized | vendor-exact · 0.90 |