Trusted Design

• 重大度: Unknown
• 公開日: 2010-03-10
• 更新日: 2024-08-07

概要

Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010, aka "Uninitialized Memory Corruption Vulnerability."

このCVEに関連するMITRE ATT&CKテクニック

• T1055.011 - Extra Window Memory Injection
• T1218.011 - Rundll32
• T1003.002 - Security Account Manager
• T1588.004 - Digital Certificates
• T1583.002 - DNS Server
• T1218.013 - Mavinject
• T1114.001 - Local Email Collection
• T1192 - Spearphishing Link
• T1121 - Regsvcs/Regasm
• T1559.002 - Dynamic Data Exchange
• T1070.002 - Clear Linux or Mac System Logs
• T1598.003 - Spearphishing Link
• T1559.001 - Component Object Model
• T1574.001 - DLL
• T1583.005 - Botnet
• T1103 - AppInit DLLs
• T1140 - Deobfuscate/Decode Files or Information
• T1608.001 - Upload Malware
• T1190 - Exploit Public-Facing Application
• T1558 - Steal or Forge Kerberos Tickets
• T1070.008 - Clear Mailbox Data
• T1218 - System Binary Proxy Execution
• T1038 - DLL Search Order Hijacking
• T1518.002 - Backup Software Discovery
• T1182 - AppCert DLLs
• T1218.003 - CMSTP
• T1525 - Implant Internal Image
• T1218.002 - Control Panel
• T1181 - Extra Window Memory Injection
• T1145 - Private Keys
• T1535 - Unused/Unsupported Cloud Regions
• T1155 - AppleScript
• T1563 - Remote Service Session Hijacking
• T1574.006 - Dynamic Linker Hijacking
• T1179 - Hooking
• T1042 - Change Default File Association
• T1177 - LSASS Driver
• T1055.013 - Process Doppelgänging
• T1546.008 - Accessibility Features
• T1083 - File and Directory Discovery
• T1055.004 - Asynchronous Procedure Call
• T1546.009 - AppCert DLLs
• T1649 - Steal or Forge Authentication Certificates
• T1051 - Shared Webroot
• T1218.012 - Verclsid
• T1559.003 - XPC Services
• T1218.005 - Mshta
• T1608.005 - Link Target
• T1027.012 - LNK Icon Smuggling
• T1598.002 - Spearphishing Attachment
• T1496.004 - Cloud Service Hijacking
• T1606 - Forge Web Credentials
• T1055.014 - VDSO Hijacking
• T1071.002 - File Transfer Protocols
• T1679 - Selective Exclusion
• T1122 - Component Object Model Hijacking
• T1574.013 - KernelCallbackTable
• T1218.001 - Compiled HTML File
• T1219.003 - Remote Access Hardware
• T1574 - Hijack Execution Flow
• T1073 - DLL Side-Loading
• T1110.004 - Credential Stuffing
• T1187 - Forced Authentication
• T1486 - Data Encrypted for Impact
• T1547.002 - Authentication Package
• T1218.010 - Regsvr32
• T1128 - Netsh Helper DLL
• T1587.004 - Exploits
• T1546.015 - Component Object Model Hijacking
• T1203 - Exploitation for Client Execution
• T1595.003 - Wordlist Scanning
• T1562.011 - Spoof Security Alerting
• T1218.009 - Regsvcs/Regasm
• T1027.004 - Compile After Delivery
• T1127.002 - ClickOnce
• T1546.010 - AppInit DLLs
• T1213.003 - Code Repositories
• T1565.002 - Transmitted Data Manipulation
• T1505 - Server Software Component
• T1159 - Launch Agent
• T1136 - Create Account
• T1204.004 - Malicious Copy and Paste
• T1046 - Network Service Discovery
• T1538 - Cloud Service Dashboard
• T1105 - Ingress Tool Transfer
• T1055.008 - Ptrace System Calls
• T1653 - Power Settings
• T1173 - Dynamic Data Exchange
• T1204.001 - Malicious Link
• T1055.001 - Dynamic-link Library Injection
• T1588.005 - Exploits
• T1216 - System Script Proxy Execution
• T1127 - Trusted Developer Utilities Proxy Execution

このCVEが関連しているPulses

このCVEが関連しているPulsesはありません。

CVEの関係性グラフ

---

← CVE一覧に戻る