← Voltar para CVEs
CVE-2010-3962
HIGHCISA KEV8.1
Descricao
Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an "invalid flag reference" issue or "Uninitialized Memory Corruption Vulnerability," as exploited in the wild in November 2010.
Detalhes CVE
Pontuacao CVSS v3.18.1
SeveridadeHIGH
Vetor CVSSCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeHIGH
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado11/5/2010
Ultima modificacao4/22/2026
Fontekev
Avistamentos honeypot0
CISA KEV
FornecedorMicrosoft
ProdutoInternet Explorer
Nome da vulnerabilidadeMicrosoft Internet Explorer Uninitialized Memory Corruption Vulnerability
Data inclusao KEV2025-10-06
Prazo de remediacao2025-10-27
Uso em ransomwareUnknown
Produtos afetados
microsoft:internet_explorermicrosoft:windows_7microsoft:windows_server_2003microsoft:windows_server_2008microsoft:windows_vistamicrosoft:windows_xp
Fraquezas (CWE)
CWE-416CWE-416
Referencias
http://blogs.technet.com/b/msrc/archive/2010/11/02/microsoft-releases-security-advisory-2458511.aspx(secure@microsoft.com)
http://secunia.com/advisories/42091(secure@microsoft.com)
http://www.exploit-db.com/exploits/15418(secure@microsoft.com)
http://www.exploit-db.com/exploits/15421(secure@microsoft.com)
http://www.kb.cert.org/vuls/id/899748(secure@microsoft.com)
http://www.microsoft.com/technet/security/advisory/2458511.mspx(secure@microsoft.com)
http://www.securityfocus.com/bid/44536(secure@microsoft.com)
http://www.securitytracker.com/id?1024676(secure@microsoft.com)
http://www.symantec.com/connect/blogs/new-ie-0-day-used-targeted-attacks(secure@microsoft.com)
http://www.us-cert.gov/cas/techalerts/TA10-348A.html(secure@microsoft.com)
http://www.vupen.com/english/advisories/2010/2880(secure@microsoft.com)
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-090(secure@microsoft.com)
https://exchange.xforce.ibmcloud.com/vulnerabilities/62962(secure@microsoft.com)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12279(secure@microsoft.com)
http://blogs.technet.com/b/msrc/archive/2010/11/02/microsoft-releases-security-advisory-2458511.aspx(af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/42091(af854a3a-2127-422b-91ae-364da2661108)
http://www.exploit-db.com/exploits/15418(af854a3a-2127-422b-91ae-364da2661108)
http://www.exploit-db.com/exploits/15421(af854a3a-2127-422b-91ae-364da2661108)
http://www.kb.cert.org/vuls/id/899748(af854a3a-2127-422b-91ae-364da2661108)
http://www.microsoft.com/technet/security/advisory/2458511.mspx(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/44536(af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id?1024676(af854a3a-2127-422b-91ae-364da2661108)
http://www.symantec.com/connect/blogs/new-ie-0-day-used-targeted-attacks(af854a3a-2127-422b-91ae-364da2661108)
http://www.us-cert.gov/cas/techalerts/TA10-348A.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2010/2880(af854a3a-2127-422b-91ae-364da2661108)
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-090(af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/62962(af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12279(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-3962(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.