CVE-2010-0808 - Vulnerability Details - OpenCVE

Microsoft Internet Explorer 6 and 7 on Windows XP and Vista does not prevent script from simulating user interaction with the AutoComplete feature, which allows remote attackers to obtain sensitive form information via a crafted web site, aka "AutoComplete Information Disclosure Vulnerability."

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	Internet Explorer Windows Vista Windows Xp

Configuration 1 [-]

AND

cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*

OR	cpe:2.3:o:microsoft:windows_xp::sp3::::::*
	cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:::::*

Configuration 2 [-]

AND

cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*

OR	cpe:2.3:o:microsoft:windows_vista::sp1::::::*
	cpe:2.3:o:microsoft:windows_vista::sp2::::::*
	cpe:2.3:o:microsoft:windows_vista:-:sp1::::::
	cpe:2.3:o:microsoft:windows_vista:-:sp2::::::
	cpe:2.3:o:microsoft:windows_xp::sp3::::::*
	cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:::::*

No data.

References

Link	Providers
http://support.avaya.com/css/P8/documents/100113324
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-071
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6889

History

No history.

MITRE

Status: PUBLISHED

Assigner: microsoft

Published: 2010-10-13T18:00:00

Updated: 2024-08-07T00:59:39.316Z

Reserved: 2010-03-02T00:00:00

Link: CVE-2010-0808

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2010-10-13T19:00:03.290

Modified: 2025-04-11T00:51:21.963

Link: CVE-2010-0808

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-10-12T00:00:00", "descriptions": [{"lang": "en", "value": "Microsoft Internet Explorer 6 and 7 on Windows XP and Vista does not prevent script from simulating user interaction with the AutoComplete feature, which allows remote attackers to obtain sensitive form information via a crafted web site, aka \"AutoComplete Information Disclosure Vulnerability.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-12T19:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft"}, "references": [{"name": "MS10-071", "tags": ["vendor-advisory", "x_refsource_MS"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-071"}, {"name": "oval:org.mitre.oval:def:6889", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6889"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.avaya.com/css/P8/documents/100113324"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@microsoft.com", "ID": "CVE-2010-0808", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Microsoft Internet Explorer 6 and 7 on Windows XP and Vista does not prevent script from simulating user interaction with the AutoComplete feature, which allows remote attackers to obtain sensitive form information via a crafted web site, aka \"AutoComplete Information Disclosure Vulnerability.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "MS10-071", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-071"}, {"name": "oval:org.mitre.oval:def:6889", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6889"}, {"name": "http://support.avaya.com/css/P8/documents/100113324", "refsource": "CONFIRM", "url": "http://support.avaya.com/css/P8/documents/100113324"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T00:59:39.316Z"}, "title": "CVE Program Container", "references": [{"name": "MS10-071", "tags": ["vendor-advisory", "x_refsource_MS", "x_transferred"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-071"}, {"name": "oval:org.mitre.oval:def:6889", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6889"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.avaya.com/css/P8/documents/100113324"}]}]}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2010-0808", "datePublished": "2010-10-13T18:00:00", "dateReserved": "2010-03-02T00:00:00", "dateUpdated": "2024-08-07T00:59:39.316Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*", "matchCriteriaId": "693D3C1C-E3E4-49DB-9A13-44ADDFF82507", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*", "matchCriteriaId": "CE477A73-4EE4-41E9-8694-5A3D5DC88656", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*", "matchCriteriaId": "FFAC3F90-77BF-4F56-A89B-8A3D2D1FC6D6", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*", "matchCriteriaId": "1A33FA7F-BB2A-4C66-B608-72997A2BD1DB", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*", "matchCriteriaId": "C162FFF0-1E8F-4DCF-A08F-6C6E324ED878", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "0A0D2704-C058-420B-B368-372D1129E914", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*", "matchCriteriaId": "3A04E39A-623E-45CA-A5FC-25DAA0F275A3", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*", "matchCriteriaId": "BF1AD1A1-EE20-4BCE-9EE6-84B27139811C", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*", "matchCriteriaId": "CE477A73-4EE4-41E9-8694-5A3D5DC88656", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*", "matchCriteriaId": "FFAC3F90-77BF-4F56-A89B-8A3D2D1FC6D6", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Microsoft Internet Explorer 6 and 7 on Windows XP and Vista does not prevent script from simulating user interaction with the AutoComplete feature, which allows remote attackers to obtain sensitive form information via a crafted web site, aka \"AutoComplete Information Disclosure Vulnerability.\""}, {"lang": "es", "value": "Microsoft Internet Explorer 6 y 7 en Windows XP y Vista no impide la secuencia de comandos simulando la interacci\u00f3n del usuario con la caracter\u00edstica de AutoCompletado, lo que permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de un sitio web, tambi\u00e9n conocido como \"Vulnerabilidad AutoComplete Information Disclosure\"."}], "evaluatorComment": "Per: http://www.microsoft.com/technet/security/Bulletin/MS10-071.mspx\r\n\r\n'An attacker who successfully exploited this vulnerability could potentially capture data previously entered into forms in the browser. The AutoComplete feature is disabled by default.'", "id": "CVE-2010-0808", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2010-10-13T19:00:03.290", "references": [{"source": "secure@microsoft.com", "url": "http://support.avaya.com/css/P8/documents/100113324"}, {"source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-071"}, {"source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6889"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.avaya.com/css/P8/documents/100113324"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-071"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6889"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}