Vulnerabilities > CVE-2010-1991 - Resource Management Errors vulnerability in Microsoft IE and Internet Explorer

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

microsoft

CWE-399

NVD

Published: 2010-05-20

Updated: 2021-07-23

Summary

Microsoft Internet Explorer 6.0.2900.2180, 7, and 8.0.7600.16385 executes a mail application in situations where an IFRAME element has a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many IFRAME elements.

Vulnerable Configurations

Part	Description	Count
Application	Microsoft Microsoft Internet Explorer 6.0.2900.2180 Microsoft Internet Explorer 7 Microsoft Internet Explorer 7.0 Microsoft IE 8.0.7600.16385	4

Common Weakness Enumeration (CWE)

CWE-399 - Resource Management Errors

References

http://websecurity.com.ua/4206/
http://www.securityfocus.com/archive/1/511327/100/0/threaded