← Retour aux CVEs
CVE-2010-3962
HIGHCISA KEV8.1
Description
Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an "invalid flag reference" issue or "Uninitialized Memory Corruption Vulnerability," as exploited in the wild in November 2010.
Details CVE
Score CVSS v3.18.1
SeveriteHIGH
Vecteur CVSSCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Vecteur d'attaqueNETWORK
ComplexiteHIGH
Privileges requisNONE
Interaction utilisateurNONE
Publie11/5/2010
Derniere modification4/22/2026
Sourcekev
Observations honeypot0
CISA KEV
FournisseurMicrosoft
ProduitInternet Explorer
Nom vulnerabiliteMicrosoft Internet Explorer Uninitialized Memory Corruption Vulnerability
Date ajout KEV2025-10-06
Date limite remediation2025-10-27
Utilise dans ransomwareUnknown
Produits affectes
microsoft:internet_explorermicrosoft:windows_7microsoft:windows_server_2003microsoft:windows_server_2008microsoft:windows_vistamicrosoft:windows_xp
Faiblesses (CWE)
CWE-416CWE-416
References
http://blogs.technet.com/b/msrc/archive/2010/11/02/microsoft-releases-security-advisory-2458511.aspx(secure@microsoft.com)
http://secunia.com/advisories/42091(secure@microsoft.com)
http://www.exploit-db.com/exploits/15418(secure@microsoft.com)
http://www.exploit-db.com/exploits/15421(secure@microsoft.com)
http://www.kb.cert.org/vuls/id/899748(secure@microsoft.com)
http://www.microsoft.com/technet/security/advisory/2458511.mspx(secure@microsoft.com)
http://www.securityfocus.com/bid/44536(secure@microsoft.com)
http://www.securitytracker.com/id?1024676(secure@microsoft.com)
http://www.symantec.com/connect/blogs/new-ie-0-day-used-targeted-attacks(secure@microsoft.com)
http://www.us-cert.gov/cas/techalerts/TA10-348A.html(secure@microsoft.com)
http://www.vupen.com/english/advisories/2010/2880(secure@microsoft.com)
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-090(secure@microsoft.com)
https://exchange.xforce.ibmcloud.com/vulnerabilities/62962(secure@microsoft.com)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12279(secure@microsoft.com)
http://blogs.technet.com/b/msrc/archive/2010/11/02/microsoft-releases-security-advisory-2458511.aspx(af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/42091(af854a3a-2127-422b-91ae-364da2661108)
http://www.exploit-db.com/exploits/15418(af854a3a-2127-422b-91ae-364da2661108)
http://www.exploit-db.com/exploits/15421(af854a3a-2127-422b-91ae-364da2661108)
http://www.kb.cert.org/vuls/id/899748(af854a3a-2127-422b-91ae-364da2661108)
http://www.microsoft.com/technet/security/advisory/2458511.mspx(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/44536(af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id?1024676(af854a3a-2127-422b-91ae-364da2661108)
http://www.symantec.com/connect/blogs/new-ie-0-day-used-targeted-attacks(af854a3a-2127-422b-91ae-364da2661108)
http://www.us-cert.gov/cas/techalerts/TA10-348A.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2010/2880(af854a3a-2127-422b-91ae-364da2661108)
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-090(af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/62962(af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12279(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-3962(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.