CVE-2010-3962

CVSS V2 High 9.3 CVSS V3 None
Description
Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an "invalid flag reference" issue or "Uninitialized Memory Corruption Vulnerability," as exploited in the wild in November 2010.
Overview
  • CVE ID
  • CVE-2010-3962
  • Assigner
  • secure@microsoft.com
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2010-11-05T17:00:02
  • Last Modified Date
  • 2022-02-28T19:15:52
Weakness Enumerations
CWE URL
CWE-416 http://cwe.mitre.org/data/definitions/416.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
AND
cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:* 0 OR
cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:x64:* 0 OR
cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:* 0 OR
AND
cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:* 0 OR
cpe:2.3:o:microsoft:windows_server_2008:-:-:*:*:*:*:*:* 0 OR
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:* 0 OR
cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:* 0 OR
cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:* 0 OR
cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:x64:* 0 OR
cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:* 0 OR
AND
cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:* 0 OR
cpe:2.3:o:microsoft:windows_server_2008:-:-:*:*:*:*:*:* 0 OR
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:* 0 OR
cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:*:* 0 OR
cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:* 0 OR
cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:* 0 OR
cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:x64:* 0 OR
cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:* 0 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:M/Au:N/C:C/I:C/A:C
  • Access Vector
  • NETWORK
  • Access Compatibility
  • MEDIUM
  • Authentication
  • NONE
  • Confidentiality Impact
  • COMPLETE
  • Integrity Impact
  • COMPLETE
  • Availability Impact
  • COMPLETE
  • Base Score
  • 9.3
  • Severity
  • HIGH
  • Exploitability Score
  • 8.6
  • Impact Score
  • 10
References
Reference URL Reference Tags
http://www.symantec.com/connect/blogs/new-ie-0-day-used-targeted-attacks Not Applicable
http://blogs.technet.com/b/msrc/archive/2010/11/02/microsoft-releases-security-advisory-2458511.aspx Vendor Advisory
http://www.microsoft.com/technet/security/advisory/2458511.mspx Patch Vendor Advisory
http://www.securitytracker.com/id?1024676 Broken Link Third Party Advisory VDB Entry
http://www.kb.cert.org/vuls/id/899748 Third Party Advisory US Government Resource
http://www.vupen.com/english/advisories/2010/2880 Broken Link Vendor Advisory
http://secunia.com/advisories/42091 Broken Link Vendor Advisory
http://www.securityfocus.com/bid/44536 Broken Link Third Party Advisory VDB Entry
http://www.us-cert.gov/cas/techalerts/TA10-348A.html Third Party Advisory US Government Resource
http://www.exploit-db.com/exploits/15418 Third Party Advisory VDB Entry
http://www.exploit-db.com/exploits/15421 Third Party Advisory VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/62962 Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12279 Tool Signature
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-090 Patch Vendor Advisory
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2010-3962
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3962
History
Created Old Value New Value Data Type Notes
2022-05-10 15:48:19 Added to TrackCVE