← Zuruck zu CVEs
CVE-2010-3962
HIGHCISA KEV8.1
Beschreibung
Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an "invalid flag reference" issue or "Uninitialized Memory Corruption Vulnerability," as exploited in the wild in November 2010.
CVE Details
CVSS v3.1 Bewertung8.1
SchweregradHIGH
CVSS VektorCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
AngriffsvektorNETWORK
KomplexitatHIGH
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht11/5/2010
Zuletzt geandert4/22/2026
Quellekev
Honeypot-Sichtungen0
CISA KEV
HerstellerMicrosoft
ProduktInternet Explorer
SchwachstellennameMicrosoft Internet Explorer Uninitialized Memory Corruption Vulnerability
KEV Aufnahmedatum2025-10-06
Behebungsfrist2025-10-27
Ransomware-NutzungUnknown
Betroffene Produkte
microsoft:internet_explorermicrosoft:windows_7microsoft:windows_server_2003microsoft:windows_server_2008microsoft:windows_vistamicrosoft:windows_xp
Schwachen (CWE)
CWE-416CWE-416
Referenzen
http://blogs.technet.com/b/msrc/archive/2010/11/02/microsoft-releases-security-advisory-2458511.aspx(secure@microsoft.com)
http://secunia.com/advisories/42091(secure@microsoft.com)
http://www.exploit-db.com/exploits/15418(secure@microsoft.com)
http://www.exploit-db.com/exploits/15421(secure@microsoft.com)
http://www.kb.cert.org/vuls/id/899748(secure@microsoft.com)
http://www.microsoft.com/technet/security/advisory/2458511.mspx(secure@microsoft.com)
http://www.securityfocus.com/bid/44536(secure@microsoft.com)
http://www.securitytracker.com/id?1024676(secure@microsoft.com)
http://www.symantec.com/connect/blogs/new-ie-0-day-used-targeted-attacks(secure@microsoft.com)
http://www.us-cert.gov/cas/techalerts/TA10-348A.html(secure@microsoft.com)
http://www.vupen.com/english/advisories/2010/2880(secure@microsoft.com)
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-090(secure@microsoft.com)
https://exchange.xforce.ibmcloud.com/vulnerabilities/62962(secure@microsoft.com)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12279(secure@microsoft.com)
http://blogs.technet.com/b/msrc/archive/2010/11/02/microsoft-releases-security-advisory-2458511.aspx(af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/42091(af854a3a-2127-422b-91ae-364da2661108)
http://www.exploit-db.com/exploits/15418(af854a3a-2127-422b-91ae-364da2661108)
http://www.exploit-db.com/exploits/15421(af854a3a-2127-422b-91ae-364da2661108)
http://www.kb.cert.org/vuls/id/899748(af854a3a-2127-422b-91ae-364da2661108)
http://www.microsoft.com/technet/security/advisory/2458511.mspx(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/44536(af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id?1024676(af854a3a-2127-422b-91ae-364da2661108)
http://www.symantec.com/connect/blogs/new-ie-0-day-used-targeted-attacks(af854a3a-2127-422b-91ae-364da2661108)
http://www.us-cert.gov/cas/techalerts/TA10-348A.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2010/2880(af854a3a-2127-422b-91ae-364da2661108)
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-090(af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/62962(af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12279(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-3962(134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.