← Back to CVEs
CVE-2010-3962
HIGHCISA KEV8.1
Description
Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an "invalid flag reference" issue or "Uninitialized Memory Corruption Vulnerability," as exploited in the wild in November 2010.
CVE Details
CVSS v3.1 Score8.1
SeverityHIGH
CVSS VectorCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack VectorNETWORK
ComplexityHIGH
Privileges RequiredNONE
User InteractionNONE
Published11/5/2010
Last Modified4/22/2026
Sourcekev
Honeypot Sightings0
CISA KEV
VendorMicrosoft
ProductInternet Explorer
Vulnerability NameMicrosoft Internet Explorer Uninitialized Memory Corruption Vulnerability
KEV Date Added2025-10-06
Remediation Due Date2025-10-27
Ransomware UseUnknown
Affected Products
microsoft:internet_explorermicrosoft:windows_7microsoft:windows_server_2003microsoft:windows_server_2008microsoft:windows_vistamicrosoft:windows_xp
Weaknesses (CWE)
CWE-416CWE-416
References
http://blogs.technet.com/b/msrc/archive/2010/11/02/microsoft-releases-security-advisory-2458511.aspx(secure@microsoft.com)
http://secunia.com/advisories/42091(secure@microsoft.com)
http://www.exploit-db.com/exploits/15418(secure@microsoft.com)
http://www.exploit-db.com/exploits/15421(secure@microsoft.com)
http://www.kb.cert.org/vuls/id/899748(secure@microsoft.com)
http://www.microsoft.com/technet/security/advisory/2458511.mspx(secure@microsoft.com)
http://www.securityfocus.com/bid/44536(secure@microsoft.com)
http://www.securitytracker.com/id?1024676(secure@microsoft.com)
http://www.symantec.com/connect/blogs/new-ie-0-day-used-targeted-attacks(secure@microsoft.com)
http://www.us-cert.gov/cas/techalerts/TA10-348A.html(secure@microsoft.com)
http://www.vupen.com/english/advisories/2010/2880(secure@microsoft.com)
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-090(secure@microsoft.com)
https://exchange.xforce.ibmcloud.com/vulnerabilities/62962(secure@microsoft.com)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12279(secure@microsoft.com)
http://blogs.technet.com/b/msrc/archive/2010/11/02/microsoft-releases-security-advisory-2458511.aspx(af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/42091(af854a3a-2127-422b-91ae-364da2661108)
http://www.exploit-db.com/exploits/15418(af854a3a-2127-422b-91ae-364da2661108)
http://www.exploit-db.com/exploits/15421(af854a3a-2127-422b-91ae-364da2661108)
http://www.kb.cert.org/vuls/id/899748(af854a3a-2127-422b-91ae-364da2661108)
http://www.microsoft.com/technet/security/advisory/2458511.mspx(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/44536(af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id?1024676(af854a3a-2127-422b-91ae-364da2661108)
http://www.symantec.com/connect/blogs/new-ie-0-day-used-targeted-attacks(af854a3a-2127-422b-91ae-364da2661108)
http://www.us-cert.gov/cas/techalerts/TA10-348A.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2010/2880(af854a3a-2127-422b-91ae-364da2661108)
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-090(af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/62962(af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12279(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-3962(134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.