CVE-2010-3962

Published: Nov 5, 2010Modified: Apr 22, 2026CISA KEV

8.1

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.2 / Impact: 5.9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an "invalid flag reference" issue or "Uninitialized Memory Corruption Vulnerability," as exploited in the wild in November 2010.

Affected (3)

Products: Microsoft: Internet Explorer

1 product

Internet Explorer

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Microsoft Internet Explorer	Version 6

Running on/with	Platform Versions
Microsoft Windows Xp	All versions

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Microsoft Internet Explorer	Version 7

Configuration C

1 vulnerable · 9 platform

Vulnerable Software	Affected Versions
Microsoft Internet Explorer	Version 8

Running on/with	Platform Versions
Microsoft Windows 7	All versions
Microsoft Windows Server 2003	All versions
Microsoft Windows Server 2008	All versions
Microsoft Windows Server 2008	All versions
Microsoft Windows Server 2008	Version r2
Microsoft Windows Vista	All versions
Microsoft Windows Vista	All versions
Microsoft Windows Xp	All versions
Microsoft Windows Xp	All versions

Related CWEs

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

References (29)

http://blogs.technet.com/b/msrc/archive/2010/11/02/microsoft-releases-security-advisory-2458511.aspx

Source: secure@microsoft.com

Vendor Advisory

http://secunia.com/advisories/42091

Source: secure@microsoft.com

Broken LinkVendor Advisory

http://www.exploit-db.com/exploits/15418

Source: secure@microsoft.com

Third Party AdvisoryVDB Entry

http://www.exploit-db.com/exploits/15421

Source: secure@microsoft.com

Third Party AdvisoryVDB Entry

http://www.kb.cert.org/vuls/id/899748

Source: secure@microsoft.com

Third Party AdvisoryUS Government Resource

http://www.microsoft.com/technet/security/advisory/2458511.mspx

Source: secure@microsoft.com

PatchVendor Advisory

http://www.securityfocus.com/bid/44536

Source: secure@microsoft.com

Broken LinkThird Party AdvisoryVDB Entry

http://www.securitytracker.com/id?1024676

Source: secure@microsoft.com

Broken LinkThird Party AdvisoryVDB Entry

http://www.symantec.com/connect/blogs/new-ie-0-day-used-targeted-attacks

Source: secure@microsoft.com

Not Applicable

http://www.us-cert.gov/cas/techalerts/TA10-348A.html

Source: secure@microsoft.com

Third Party AdvisoryUS Government Resource

http://www.vupen.com/english/advisories/2010/2880

Source: secure@microsoft.com

Broken LinkVendor Advisory

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-090

Source: secure@microsoft.com

PatchVendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/62962

Source: secure@microsoft.com

Third Party AdvisoryVDB Entry

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12279

Source: secure@microsoft.com

Tool Signature

http://blogs.technet.com/b/msrc/archive/2010/11/02/microsoft-releases-security-advisory-2458511.aspx

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/42091

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkVendor Advisory

http://www.exploit-db.com/exploits/15418

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.exploit-db.com/exploits/15421

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.kb.cert.org/vuls/id/899748

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

http://www.microsoft.com/technet/security/advisory/2458511.mspx

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.securityfocus.com/bid/44536

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkThird Party AdvisoryVDB Entry

http://www.securitytracker.com/id?1024676

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkThird Party AdvisoryVDB Entry

http://www.symantec.com/connect/blogs/new-ie-0-day-used-targeted-attacks

Source: af854a3a-2127-422b-91ae-364da2661108

Not Applicable

http://www.us-cert.gov/cas/techalerts/TA10-348A.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

http://www.vupen.com/english/advisories/2010/2880

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkVendor Advisory

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-090

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/62962

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12279

Source: af854a3a-2127-422b-91ae-364da2661108

Tool Signature

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-3962

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

US Government Resource

Timeline

No history available yet.