Vulnerability Description
Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an "invalid flag reference" issue or "Uninitialized Memory Corruption Vulnerability," as exploited in the wild in November 2010.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Internet Explorer | 6 |
| Microsoft | Windows Server 2003 | - |
| Microsoft | Windows Xp | - |
| Microsoft | Windows Server 2008 | - |
| Microsoft | Windows Vista | - |
| Microsoft | Windows 7 | - |
Related Weaknesses (CWE)
References
- http://blogs.technet.com/b/msrc/archive/2010/11/02/microsoft-releases-security-aVendor Advisory
- http://secunia.com/advisories/42091Broken LinkVendor Advisory
- http://www.exploit-db.com/exploits/15418Third Party AdvisoryVDB Entry
- http://www.exploit-db.com/exploits/15421Third Party AdvisoryVDB Entry
- http://www.kb.cert.org/vuls/id/899748Third Party AdvisoryUS Government Resource
- http://www.microsoft.com/technet/security/advisory/2458511.mspxPatchVendor Advisory
- http://www.securityfocus.com/bid/44536Broken LinkThird Party AdvisoryVDB Entry
- http://www.securitytracker.com/id?1024676Broken LinkThird Party AdvisoryVDB Entry
- http://www.symantec.com/connect/blogs/new-ie-0-day-used-targeted-attacksNot Applicable
- http://www.us-cert.gov/cas/techalerts/TA10-348A.htmlThird Party AdvisoryUS Government Resource
- http://www.vupen.com/english/advisories/2010/2880Broken LinkVendor Advisory
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-09PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/62962Third Party AdvisoryVDB Entry
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Tool Signature
- http://blogs.technet.com/b/msrc/archive/2010/11/02/microsoft-releases-security-aVendor Advisory
FAQ
What is CVE-2010-3962?
CVE-2010-3962 is a vulnerability with a CVSS score of 8.1 (HIGH). Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the cl...
How severe is CVE-2010-3962?
CVE-2010-3962 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-3962?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Internet Explorer, Microsoft Windows Server 2003, Microsoft Windows Xp, Microsoft Windows Server 2008, Microsoft Windows Vista.