CVE-2010-1127

Published: Mar 26, 2010Modified: Apr 29, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

Microsoft Internet Explorer 6 and 7 does not initialize certain data structures during execution of the createElement method, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted JavaScript code, as demonstrated by setting the (1) outerHTML or (2) value property of an object returned by createElement.

Affected (26)

Products: Microsoft: Internet Explorer

Microsoft

1 product

Internet Explorer

Configuration A

26 vulnerable

Vulnerable Software	Affected Versions
Microsoft Internet Explorer	Version 6.0.2600
Microsoft Internet Explorer	Version 6.0.2800.1106
Microsoft Internet Explorer	Version 6.0.2800
Microsoft Internet Explorer	Version 6.0.2900.2180
Microsoft Internet Explorer	Version 6.0.2900
Microsoft Internet Explorer	Version 6.00.2462.0000
Microsoft Internet Explorer	Version 6.00.2479.0006
Microsoft Internet Explorer	Version 6.00.2600.0000
Microsoft Internet Explorer	Version 6.00.2800.1106
Microsoft Internet Explorer	Version 6.00.2900.2180
Microsoft Internet Explorer	Version 6.00.3663.0000
Microsoft Internet Explorer	Version 6.00.3718.0000
Microsoft Internet Explorer	Version 6.00.3790.0000
Microsoft Internet Explorer	Version 6.00.3790.1830
Microsoft Internet Explorer	Version 6.00.3790.3959
Microsoft Internet Explorer	Version 6.0
Microsoft Internet Explorer	Version 7.0.5730.11
Microsoft Internet Explorer	Version 7.0.5730 unknown
Microsoft Internet Explorer	Version 7.00.5730.1100
Microsoft Internet Explorer	Version 7.00.6000.16386
Microsoft Internet Explorer	Version 7.00.6000.16441
Microsoft Internet Explorer	Version 7.0
Microsoft Internet Explorer	Version 7.0 beta1
Microsoft Internet Explorer	Version 7.0 beta2
Microsoft Internet Explorer	Version 7.0 beta3
Microsoft Internet Explorer	Version 7.0 beta