| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 6.0 | $0-$5k | 0.00 |
Summary
A vulnerability, which was classified as problematic, has been found in Microsoft Internet Explorer. This impacts an unknown function. This manipulation causes information disclosure. This vulnerability is handled as CVE-2010-0488. The attack can be initiated remotely. There is not any exploit available. Applying a patch is the recommended action to fix this issue.
Details
A vulnerability has been found in Microsoft Internet Explorer (Web Browser) (affected version unknown) and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation with an unknown input leads to a information disclosure vulnerability. The CWE definition for the vulnerability is CWE-200. The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. As an impact it is known to affect confidentiality. The summary by CVE is:
Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 does not properly handle unspecified "encoding strings," which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site, aka "Post Encoding Information Disclosure Vulnerability."
The weakness was released 03/31/2010 as MS10-018 as confirmed bulletin (Technet). The advisory is shared at technet.microsoft.com. This vulnerability is known as CVE-2010-0488. The attack can be launched remotely. The exploitation doesn't need any form of authentication. Neither technical details nor an exploit are publicly available. MITRE ATT&CK project uses the attack technique T1592 for this issue.
The vulnerability scanner Nessus provides a plugin with the ID 45378 , which helps to determine the existence of the flaw in a target environment. The commercial vulnerability scanner Qualys is able to test this issue with plugin 100083 (Microsoft Internet Explorer Cumulative Security Update (MS10-018 and KB981374)).
Applying the patch MS10-018 is able to eliminate this problem. The bugfix is ready for download at technet.microsoft.com. Furthermore it is possible to detect and prevent this kind of attack with TippingPoint and the filter 9636.
The vulnerability is also documented in the databases at Tenable (45378), SecurityFocus (BID 39028†), SecurityTracker (ID 1023773†) and Vulnerability Center (SBV-25207†). Entries connected to this vulnerability are available at VDB-4091, VDB-52508, VDB-52507 and VDB-52506. If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Product
Type
Vendor
Name
License
Support
Website
- Vendor: https://www.microsoft.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 6.1VulDB Meta Temp Score: 6.0
VulDB Base Score: 5.3
VulDB Temp Score: 5.1
VulDB Vector: 🔍
VulDB Reliability: 🔍
CNA Base Score: 6.5
CNA Vector: 🔍
ADP CISA Base Score: 6.5
ADP CISA Vector: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Information disclosureCWE: CWE-200 / CWE-284 / CWE-266
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 45378
Nessus File: 🔍
Nessus Risk: 🔍
OpenVAS ID: 902155
OpenVAS Name: Microsoft Internet Explorer Multiple Vulnerabilities (980182)
OpenVAS File: 🔍
OpenVAS Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: PatchStatus: 🔍
0-Day Time: 🔍
Patch: MS10-018
TippingPoint: 🔍
McAfee IPS: 🔍
McAfee IPS Version: 🔍
Timeline
02/02/2010 🔍03/30/2010 🔍
03/31/2010 🔍
03/31/2010 🔍
03/31/2010 🔍
03/19/2015 🔍
05/04/2026 🔍
Sources
Vendor: microsoft.comAdvisory: MS10-018
Status: Confirmed
CVE: CVE-2010-0488 (🔍)
GCVE (CVE): GCVE-0-2010-0488
GCVE (VulDB): GCVE-100-52501
OVAL: 🔍
SecurityFocus: 39028
SecurityTracker: 1023773
Vulnerability Center: 25207 - [MS10-018] Microsoft Internet Explorer information disclosure vulnerability, Medium
See also: 🔍
Entry
Created: 03/19/2015 12:22Updated: 05/04/2026 11:49
Changes: 03/19/2015 12:22 (42), 04/07/2017 12:09 (22), 09/06/2021 15:11 (1), 09/06/2021 15:18 (7), 09/06/2021 15:24 (1), 01/05/2025 22:12 (15), 01/21/2025 18:47 (12), 05/04/2026 11:49 (11)
Complete: 🔍
Cache ID: 216::103
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
No comments yet. Languages: en.
Please log in to comment.