Vulnerability Details : CVE-2010-3962
Public exploit exists!
Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an "invalid flag reference" issue or "Uninitialized Memory Corruption Vulnerability," as exploited in the wild in November 2010.
Vulnerability category: Memory CorruptionExecute code
Exploit prediction scoring system (EPSS) score for CVE-2010-3962
Probability of exploitation activity in the next 30 days: 96.97%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 100 % EPSS Score History EPSS FAQ
Metasploit modules for CVE-2010-3962
-
MS10-090 Microsoft Internet Explorer CSS SetUserClip Memory Corruption
Disclosure Date: 2010-11-03First seen: 2020-04-26exploit/windows/browser/ms10_090_ie_css_clipThis module exploits a memory corruption vulnerability within Microsoft's HTML engine (mshtml). When parsing an HTML page containing a specially crafted CSS tag, memory corruption occurs that can lead arbitrary code execution. It seems like Microsoft code
CVSS scores for CVE-2010-3962
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST |
CWE ids for CVE-2010-3962
-
Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-3962
-
http://www.kb.cert.org/vuls/id/899748
VU#899748 - Microsoft Internet Explorer invalid flag reference vulnerabilityThird Party Advisory;US Government Resource
-
http://www.us-cert.gov/cas/techalerts/TA10-348A.html
Microsoft Updates for Multiple Vulnerabilities | CISAThird Party Advisory;US Government Resource
-
http://www.securitytracker.com/id?1024676
Microsoft Internet Explorer Freed Object Invalid Flag Reference Access Lets Remote Users Execute Arbitrary Code - SecurityTrackerBroken Link;Third Party Advisory;VDB Entry
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/62962
Microsoft Internet Explorer invalid flag code execution CVE-2010-3962 Vulnerability ReportThird Party Advisory;VDB Entry
-
http://www.vupen.com/english/advisories/2010/2880
Webmail | OVH- OVHBroken Link;Vendor Advisory
-
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-090
Microsoft Security Bulletin MS10-090 - Critical | Microsoft DocsPatch;Vendor Advisory
-
http://www.microsoft.com/technet/security/advisory/2458511.mspx
Technical documentation, API, and code examples | Microsoft DocsPatch;Vendor Advisory
-
http://www.exploit-db.com/exploits/15421
Microsoft Internet Explorer 6/7/8 - Memory Corruption - Windows remote ExploitThird Party Advisory;VDB Entry
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12279
Repository / Oval RepositoryTool Signature
-
http://www.exploit-db.com/exploits/15418
Microsoft Internet Explorer - Memory Corruption - Windows dos ExploitThird Party Advisory;VDB Entry
-
http://www.symantec.com/connect/blogs/new-ie-0-day-used-targeted-attacks
New IE Zero-Day used in Targeted Attacks | Symantec Connect CommunityNot Applicable
-
http://www.securityfocus.com/bid/44536
Microsoft Internet Explorer CSS Tags Uninitialized Memory Remote Code Execution VulnerabilityBroken Link;Third Party Advisory;VDB Entry
-
http://blogs.technet.com/b/msrc/archive/2010/11/02/microsoft-releases-security-advisory-2458511.aspx
Microsoft Releases Security Advisory 2458511 – Microsoft Security Response CenterVendor Advisory
Products affected by CVE-2010-3962
- cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*When used together with: Microsoft » Windows Xp » Version: N/A Update SP2 Professional Edition For X64
- cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:*When used together with: Microsoft » Windows Xp » Version: N/A Update SP2 Professional Edition For X64