CVE-2010-3962

Sažetak

Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an "invalid flag reference" issue or "Uninitialized Memory Corruption Vulnerability," as exploited in the wild in November 2010.

Reference

http://blogs.technet.com/b/msrc/archive/2010/11/02/microsoft-releases-security-advisory-2458511.aspx
http://secunia.com/advisories/42091
http://www.exploit-db.com/exploits/15418
http://www.exploit-db.com/exploits/15421
http://www.kb.cert.org/vuls/id/899748
http://www.microsoft.com/technet/security/advisory/2458511.mspx
http://www.securityfocus.com/bid/44536
http://www.securitytracker.com/id?1024676
http://www.symantec.com/connect/blogs/new-ie-0-day-used-targeted-attacks
http://www.us-cert.gov/cas/techalerts/TA10-348A.html
http://www.vupen.com/english/advisories/2010/2880
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-090
https://exchange.xforce.ibmcloud.com/vulnerabilities/62962
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12279
http://blogs.technet.com/b/msrc/archive/2010/11/02/microsoft-releases-security-advisory-2458511.aspx
http://secunia.com/advisories/42091
http://www.exploit-db.com/exploits/15418
http://www.exploit-db.com/exploits/15421
http://www.kb.cert.org/vuls/id/899748
http://www.microsoft.com/technet/security/advisory/2458511.mspx
http://www.securityfocus.com/bid/44536
http://www.securitytracker.com/id?1024676
http://www.symantec.com/connect/blogs/new-ie-0-day-used-targeted-attacks
http://www.us-cert.gov/cas/techalerts/TA10-348A.html
http://www.vupen.com/english/advisories/2010/2880
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-090
https://exchange.xforce.ibmcloud.com/vulnerabilities/62962
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12279

CVSS

Base:	9.3
Impact:	10.0
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

07-10-2025 - 01:00

Objavljeno

05-11-2010 - 17:00