CVE-2010-3962
8.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an "invalid flag reference" issue or "Uninitialized Memory Corruption Vulnerability," as exploited in the wild in November 2010.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://www.securityfocus.com/bid/44536
- http://www.us-cert.gov/cas/techalerts/TA10-348A.html
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-090
- http://www.kb.cert.org/vuls/id/899748
- http://secunia.com/advisories/42091
- http://www.vupen.com/english/advisories/2010/2880
- http://www.microsoft.com/technet/security/advisory/2458511.mspx
- http://www.securitytracker.com/id?1024676
- http://www.exploit-db.com/exploits/15421
- http://www.symantec.com/connect/blogs/new-ie-0-day-used-targeted-attacks
- https://exchange.xforce.ibmcloud.com/vulnerabilities/62962
- http://blogs.technet.com/b/msrc/archive/2010/11/02/microsoft-releases-security-advisory-2458511.aspx
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12279
- http://www.exploit-db.com/exploits/15418
CISA ADP Vulnrichment
- SSVC:
- Exploitation: active
- Automatable: yes
- Technical Impact: total
Additional References
References
- http://www.securityfocus.com/bid/44536
- http://www.us-cert.gov/cas/techalerts/TA10-348A.html
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-090
- http://www.kb.cert.org/vuls/id/899748
- http://secunia.com/advisories/42091
- http://www.vupen.com/english/advisories/2010/2880
- http://www.microsoft.com/technet/security/advisory/2458511.mspx
- http://www.securitytracker.com/id?1024676
- http://www.exploit-db.com/exploits/15421
- http://www.symantec.com/connect/blogs/new-ie-0-day-used-targeted-attacks
- https://exchange.xforce.ibmcloud.com/vulnerabilities/62962
- http://blogs.technet.com/b/msrc/archive/2010/11/02/microsoft-releases-security-advisory-2458511.aspx
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12279
- http://www.exploit-db.com/exploits/15418
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.