← Volver a CVEs
CVE-2010-3962
HIGHCISA KEV8.1
Descripcion
Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an "invalid flag reference" issue or "Uninitialized Memory Corruption Vulnerability," as exploited in the wild in November 2010.
Detalles CVE
Puntuacion CVSS v3.18.1
SeveridadHIGH
Vector CVSSCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadHIGH
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado11/5/2010
Ultima modificacion4/22/2026
Fuentekev
Avistamientos honeypot0
CISA KEV
VendedorMicrosoft
ProductoInternet Explorer
Nombre vulnerabilidadMicrosoft Internet Explorer Uninitialized Memory Corruption Vulnerability
Fecha inclusion KEV2025-10-06
Fecha limite remediacion2025-10-27
Uso en ransomwareUnknown
Productos afectados
microsoft:internet_explorermicrosoft:windows_7microsoft:windows_server_2003microsoft:windows_server_2008microsoft:windows_vistamicrosoft:windows_xp
Debilidades (CWE)
CWE-416CWE-416
Referencias
http://blogs.technet.com/b/msrc/archive/2010/11/02/microsoft-releases-security-advisory-2458511.aspx(secure@microsoft.com)
http://secunia.com/advisories/42091(secure@microsoft.com)
http://www.exploit-db.com/exploits/15418(secure@microsoft.com)
http://www.exploit-db.com/exploits/15421(secure@microsoft.com)
http://www.kb.cert.org/vuls/id/899748(secure@microsoft.com)
http://www.microsoft.com/technet/security/advisory/2458511.mspx(secure@microsoft.com)
http://www.securityfocus.com/bid/44536(secure@microsoft.com)
http://www.securitytracker.com/id?1024676(secure@microsoft.com)
http://www.symantec.com/connect/blogs/new-ie-0-day-used-targeted-attacks(secure@microsoft.com)
http://www.us-cert.gov/cas/techalerts/TA10-348A.html(secure@microsoft.com)
http://www.vupen.com/english/advisories/2010/2880(secure@microsoft.com)
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-090(secure@microsoft.com)
https://exchange.xforce.ibmcloud.com/vulnerabilities/62962(secure@microsoft.com)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12279(secure@microsoft.com)
http://blogs.technet.com/b/msrc/archive/2010/11/02/microsoft-releases-security-advisory-2458511.aspx(af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/42091(af854a3a-2127-422b-91ae-364da2661108)
http://www.exploit-db.com/exploits/15418(af854a3a-2127-422b-91ae-364da2661108)
http://www.exploit-db.com/exploits/15421(af854a3a-2127-422b-91ae-364da2661108)
http://www.kb.cert.org/vuls/id/899748(af854a3a-2127-422b-91ae-364da2661108)
http://www.microsoft.com/technet/security/advisory/2458511.mspx(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/44536(af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id?1024676(af854a3a-2127-422b-91ae-364da2661108)
http://www.symantec.com/connect/blogs/new-ie-0-day-used-targeted-attacks(af854a3a-2127-422b-91ae-364da2661108)
http://www.us-cert.gov/cas/techalerts/TA10-348A.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2010/2880(af854a3a-2127-422b-91ae-364da2661108)
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-090(af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/62962(af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12279(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-3962(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.