CVSSv2 Base Score = 10.0
Source: osvdb.org | Generated: 2010-03-30 | Disagree? | There are 1 more: View All

This section lists the latest news and blogs found via the daylife API (and for older items, the technorati API), which mention or otherwise discuss this vulnerability.

2010/05/03 17:01:23 | Fortinet's April Threatscape Report Shows Botnets Battling for Digital Real Estate

from: Freshnews.com

...of April include: Microsoft Vulnerabilities: The Internet Explorer vulnerability MS.IE.Userdata.Behavior.Code.Execution (CVE-2010-0806) was the second-most detected malicious network activity for the second report in a row. While in its zero-day state, Fortinet...

2010/05/01 04:12:21 | Your Virtual Briefcase

from: PC Magazine

...has just released updates for critical vulnerabilities in Internet Explorer Versions 5, 6, 7, and 8. The update is named MS10-018: Cumulative Update for Internet Explorer. Users should apply the update as soon as possible, as one of the vulnerabilities is...

2010/04/27 22:10:38 | IE 8 XSS Vulnerability To Get Fixed in June

from: RedmondMag.com

...according to both Wang and Talbot. Microsoft subsequently released its initial update in January and again in March (MS10-018). Security experts applaud the prospect of a more substantive fix release in the early summer. Microsoft's David Ross said that the...

2010/04/20 16:00:00 | Microsoft slates June update to block IE8 abuse

from: NetworkWorld

...spelled out by Vela Nava and Lindsay in a pair of earlier IE updates -- the January and March emergency updates MS10-002 and MS10-018 -- yesterday the company said it would issue a cross-site scripting filter update to block another possible vector. "This...

2010/04/20 21:50:03 | Microsoft to fix IE8 cross-site scripting problem, again

from: CNET

...David Ross wrote on the Microsoft Security Response Center blog. That was followed by a critical update in March. (MS10-018) The update scheduled for June "will address a SCRIPT tag attack scenario described in the Blackhat EU presentation," Ross wrote....

2010/04/20 20:07:17 | Microsoft slates June update to block IE8 abuse

from: ComputerWorld

...out by Vela Nava and Lindsay in a pair of earlier IE updates -- the January and March emergency updates MS10-002 and MS10-018 -- yesterday the company said it would issue a cross-site scripting filter update to block another possible vector. "This change will...

2010/04/20 15:01:59 | Microsoft to fix security hiccups in IE 8 XSS filter

from: ZDNet

...own Bing.com, Google.com, Wikipedia.org and Twitter.com. Microsoft shipped two separate updates recently — MS10-002 and MS10-018 — with defense-in-depth changes that addressed the bulk of the problems discussed at the conference and a new update is scheduled...

2010/04/19 18:45:11 | Security gone awry: IE 8 XSS filter exposes sites to XSS attacks

from: ZDNet

...the MS10-002 security patch, which was released for IE users earlier this year. “Microsoft also added a defense-in-depth change (MS10-018) in March 2010 to provide broader coverage for this type of attack scenario,” Bryant said. However, not all of the issues...

2010/03/30 19:23:27 | Microsoft Releases Emergency Internet Explorer Patch

from: TechWeb

"The Internet Explorer team accelerated testing of this update due to the growing attacks against the publicly disclosed vulnerability (CVE-2010-0806), and the update has reached the appropriate quality bar for distribution to customers," said

2010/03/31 15:04:12 | What You Need to Know about Microsoft's Emergency IE Patch

from: San Francisco Chronicle

Microsoft released security bulletin MS10-018 today--an update rated as Critical which includes 10 patches affecting all versions of Internet Explorer, including the current zero-day exploit being used to attack IE6 and IE7 browsers. Exploit code for

2010/04/08 07:31:15 | Singer's Exploit Kit version CVE-2010-0806

from: F-Secure Antivirus Research Weblog

... Well, well... looks like someone had been singing along to a Jay Chow's song while coding an exploit that corresponds to a vulnerability in Internet Explorer, which was addressed in the Microsoft Security Bulletin MS10-018. The exploit that targets on ...

2010/04/01 20:16:38 | Escalating attacks prompted emergency IE update, says Microsoft

from: ComputerWorld

..."The counts in ... other countries ... appear to be one tenth of those in the United States." Stewart was optimistic that the MS10-018 update would dampen attacks. "Like the lifecycle of most vulnerabilities, we expect the threat landscape to mellow with the...

2010/04/01 16:00:00 | Escalating attacks prompted emergency IE update, says Microsoft

from: NetworkWorld

...counts in ... other countries ... appear to be one tenth of those in the United States." Stewart was optimistic that the MS10-018 update would dampen attacks. "Like the lifecycle of most vulnerabilities, we expect the threat landscape to mellow with the release...

2010/04/01 16:58:41 | Fortinet's March Threatscape Report Shows Domination of Ransomware and Troublesome Zero-Day

from: Freshnews.com

...in: A new zero-day threat aggressively entered FortiGuard's top ten attack list: MS.IE.Userdata.Behavior.Code.Execution (CVE-2010-0806, FortiGuard Advisory 2010-14). This exploit triggers a vulnerability in Internet Explorer, making remote code execution through...

2010/04/01 08:35:36 | Fortinet March Threatscape report shows domination of ransomware and troublesome zero-day

from: AME Info

Fortinet observed the primary drivers behind these threats to be two of the most notorious botnet "loaders" — Bredolab and Pushdo. Another important finding is the aggressive entrance of a new zero-day threat in FortiGuard's top ten attack list, MS.IE.

2010/03/30 16:00:00 | Microsoft out-of-band patch demands immediate action

from: NetworkWorld

...of which is being exploited in the wild against IE 6. Microsoft Tuesday released an out-of-band, cumulative security update, MS10-018, that the company as well as industry watchers advise IT departments give immediate attention. The security update, released out...

2010/03/31 08:04:58 | Emergency Patch for IE 6, 7, 8 released

from: Bink.nu

...team accelerated testing of this update due to the growing attacks against the publicly disclosed vulnerability (CVE-2010-0806), and the update has reached the appropriate quality bar for distribution to customers. Releasing the update early provides Internet...

2010/03/31 11:29:49 | Microsoft patches 10 critical IE bugs

from: InfoWorld

...IE6, but dump IE6 and IE7." For the most part, Storms saw the 10 vulnerabilities as "pretty typical IE bugs. Except for [CVE-2010-0806], none of them are particularly troublesome, or no more than we've come to expect." CVE-2010-0806 is the Common Vulnerabilities...

2010/03/30 18:49:19 | Emergency IE Patch Fixes Zero-Day Flaw

from: PC World

...to come out until April. While IE 8 is safe from the under-attack flaw, which affects IE 6 and 7, today's cumulative MS10-018 patch also closes eight other bugs. Some of the other bugs affect IE 8 as well, making this a critical patch for most every combination...

2010/03/31 10:19:12 | Internet Explorer Patch Released: Update Now

from: GHacks Technology News

...Internet Explorer 6 and Internet Explorer 7. Internet Explorer 8 is unaffected by the vulnerability addressed in the advisory MS10-018 is a cumulative update with the patch for Security Advisory 981374 being one of the patches included in the release. This...

2010/03/31 05:40:58 | Microsoft covers two Internet Explorer 8 vulnerabilities with out-of-band patch, as it refuses to comment on whether the update patches the vulnerability that was used in the 'pwn2own' contest

from: SC Magazine

Microsoft has released its second out-of-band patch for Internet Explorer in less than three months. As announced by SC Magazine yesterday, Microsoft released security update MS10-018 to address a publicly disclosed vulnerability in Internet Explorer 6

2010/03/30 01:23:07 | Microsoft To Release Another Out-Of-Band Patch

from: Channel Web

...that can be accessed after an object is deleted, paving the way for hackers to carry out remote code execution attacks. Update MS10-018 also fixes nine additional vulnerabilities, some of which affect IE 8, Microsoft said in a Monday blog post. Microsoft...

2010/03/30 23:07:18 | 'Critical' Off-Cycle IE Patch Released

from: RedmondMag.com

Microsoft today released its second "critical" off-cycle patch for Internet Explorer this year. The patch (MS10-018) is said to fix some 10 vulnerabilities in Microsoft's Web browser. It addresses a remote code execution (RCE) vulnerability that can

2010/03/30 20:22:11 | What You Need to Know about Microsoft's Emergency IE Patch

from: PC World

...released security bulletin MS10-018 today--an update rated as Critical which includes 10 patches affecting all versions of Internet Explorer, including the current zero-day exploit being used to attack IE6 and IE7 browsers. Exploit code for the IE zero-day,...

2010/03/30 05:32:06 | Microsoft announces out-of-band patch for Internet Explorer that will be released tonight, as Apple patches Mac OS X 10.5 and 10.6

from: SC Magazine

...this evening. Jerry Bryant, senior security communications manager at Microsoft, said that it will be releasing security update MS10-018 to resolve Security Advisory 981374, addressing a publicly disclosed vulnerability in Internet Explorer 6 and Internet...

2010/03/30 22:38:42 | Yes, IE8 users, you need that new security update

from: ZDNet

Microsoft issued a so-called out-of-band update for Internet Explorer today. In plain English, that means the update is being pushed out via Windows Update and Microsoft Update ahead of the normally scheduled release on Patch Tuesday, April 13.

2010/03/30 17:33:24 | Emergency IE Update Fixes 10 Vulnerabilities

from: PC Magazine

...IE8-only. but also is mitigated by Protected Mode and by running as a standard user. IE7 users should also worry about CVE-2010-0806 ("Uninitialized Memory Corruption Vulnerability") and CVE-2010-0807 ("HTML Rendering Memory Corruption Vulnerability"), both...

2010/03/30 19:58:28 | Microsoft patches 10 critical IE bugs

from: ComputerWorld

...IE bugs. Except for [CVE-2010-0806], none of them are particularly troublesome, or no more than we've come to expect." CVE-2010-0806 is the Common Vulnerabilities & Exposure ID for the vulnerability that prompted the rush, or "out-of-band," update. And that...

2010/03/30 18:08:41 | Microsoft Releases Emergency Internet Explorer Patch

from: Information Week

...team accelerated testing of this update due to the growing attacks against the publicly disclosed vulnerability (CVE-2010-0806), and the update has reached the appropriate quality bar for distribution to customers," said Microsoft Security Response group manager...