CVE-2010-3886

Published: Oct 8, 2010Modified: Apr 29, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

The CTimeoutEventList::InsertIntoTimeoutList function in Microsoft mshtml.dll uses a certain pointer value as part of producing Timer ID values for the setTimeout and setInterval methods in VBScript and JScript, which allows remote attackers to obtain sensitive information about the heap memory addresses used by an application, as demonstrated by the Internet Explorer 8 application.

Affected (1)

Products: Microsoft: Internet Explorer

1 product

Internet Explorer

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Microsoft Internet Explorer	Version 8

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (8)

http://archives.neohapsis.com/archives/bugtraq/2010-06/0259.html

Source: cve@mitre.org

Broken LinkExploit

http://twitter.com/WisecWisec/statuses/17254776077

Source: cve@mitre.org

Third Party Advisory

http://www.eeye.com/Resources/Security-Center/Research/Zero-Day-Tracker/2010/20100630

Source: cve@mitre.org

Not Applicable

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11606

Source: cve@mitre.org

Third Party Advisory

http://archives.neohapsis.com/archives/bugtraq/2010-06/0259.html

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkExploit

http://twitter.com/WisecWisec/statuses/17254776077

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.eeye.com/Resources/Security-Center/Research/Zero-Day-Tracker/2010/20100630

Source: af854a3a-2127-422b-91ae-364da2661108

Not Applicable

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11606

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.