cvelistv5 - CVE-2010-3962

CVE-2010-3962 (GCVE-0-2010-3962)

Vulnerability from cvelistv5

Published

2010-11-05 16:28

Modified

2025-10-22 00:05

Severity ?

8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

Summary

Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an "invalid flag reference" issue or "Uninitialized Memory Corruption Vulnerability," as exploited in the wild in November 2010.

References

URL

Tags

secure@microsoft.com	http://blogs.technet.com/b/msrc/archive/2010/11/02/microsoft-releases-security-advisory-2458511.aspx	Vendor Advisory
secure@microsoft.com	http://secunia.com/advisories/42091	Broken Link, Vendor Advisory
secure@microsoft.com	http://www.exploit-db.com/exploits/15418	Third Party Advisory, VDB Entry
secure@microsoft.com	http://www.exploit-db.com/exploits/15421	Third Party Advisory, VDB Entry
secure@microsoft.com	http://www.kb.cert.org/vuls/id/899748	Third Party Advisory, US Government Resource
secure@microsoft.com	http://www.microsoft.com/technet/security/advisory/2458511.mspx	Patch, Vendor Advisory
secure@microsoft.com	http://www.securityfocus.com/bid/44536	Broken Link, Third Party Advisory, VDB Entry
secure@microsoft.com	http://www.securitytracker.com/id?1024676	Broken Link, Third Party Advisory, VDB Entry
secure@microsoft.com	http://www.symantec.com/connect/blogs/new-ie-0-day-used-targeted-attacks	Not Applicable
secure@microsoft.com	http://www.us-cert.gov/cas/techalerts/TA10-348A.html	Third Party Advisory, US Government Resource
secure@microsoft.com	http://www.vupen.com/english/advisories/2010/2880	Broken Link, Vendor Advisory
secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-090	Patch, Vendor Advisory
secure@microsoft.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/62962	Third Party Advisory, VDB Entry
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12279	Tool Signature
af854a3a-2127-422b-91ae-364da2661108	http://blogs.technet.com/b/msrc/archive/2010/11/02/microsoft-releases-security-advisory-2458511.aspx	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/42091	Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.exploit-db.com/exploits/15418	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.exploit-db.com/exploits/15421	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/899748	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.microsoft.com/technet/security/advisory/2458511.mspx	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/44536	Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1024676	Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.symantec.com/connect/blogs/new-ie-0-day-used-targeted-attacks	Not Applicable
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA10-348A.html	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/2880	Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-090	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/62962	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12279	Tool Signature
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-3962

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

CISA Known Exploited Vulnerability

Data from the CISA Known Exploited Vulnerabilities Catalog

Date added: 2025-10-06

Due date: 2025-10-27

Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Used in ransomware: Unknown

Notes: https://learn.microsoft.com/en-us/security-updates/SecurityAdvisories/2010/2458511?redirectedfrom=MSDN ; https://nvd.nist.gov/vuln/detail/CVE-2010-3962

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T03:26:12.283Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "44536",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/44536"
          },
          {
            "name": "TA10-348A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA10-348A.html"
          },
          {
            "name": "MS10-090",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-090"
          },
          {
            "name": "VU#899748",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/899748"
          },
          {
            "name": "42091",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42091"
          },
          {
            "name": "ADV-2010-2880",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/2880"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.microsoft.com/technet/security/advisory/2458511.mspx"
          },
          {
            "name": "1024676",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1024676"
          },
          {
            "name": "15421",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/15421"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.symantec.com/connect/blogs/new-ie-0-day-used-targeted-attacks"
          },
          {
            "name": "ms-ie-flag-code-execution(62962)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62962"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://blogs.technet.com/b/msrc/archive/2010/11/02/microsoft-releases-security-advisory-2458511.aspx"
          },
          {
            "name": "oval:org.mitre.oval:def:12279",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12279"
          },
          {
            "name": "15418",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/15418"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.1,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2010-3962",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-04T03:55:26.935049Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2025-10-06",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-3962"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-22T00:05:51.096Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-3962"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2025-10-06T00:00:00+00:00",
            "value": "CVE-2010-3962 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-11-02T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an \"invalid flag reference\" issue or \"Uninitialized Memory Corruption Vulnerability,\" as exploited in the wild in November 2010."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01.000Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "44536",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/44536"
        },
        {
          "name": "TA10-348A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA10-348A.html"
        },
        {
          "name": "MS10-090",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-090"
        },
        {
          "name": "VU#899748",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/899748"
        },
        {
          "name": "42091",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42091"
        },
        {
          "name": "ADV-2010-2880",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/2880"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.microsoft.com/technet/security/advisory/2458511.mspx"
        },
        {
          "name": "1024676",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1024676"
        },
        {
          "name": "15421",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/15421"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.symantec.com/connect/blogs/new-ie-0-day-used-targeted-attacks"
        },
        {
          "name": "ms-ie-flag-code-execution(62962)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62962"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://blogs.technet.com/b/msrc/archive/2010/11/02/microsoft-releases-security-advisory-2458511.aspx"
        },
        {
          "name": "oval:org.mitre.oval:def:12279",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12279"
        },
        {
          "name": "15418",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/15418"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2010-3962",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an \"invalid flag reference\" issue or \"Uninitialized Memory Corruption Vulnerability,\" as exploited in the wild in November 2010."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "44536",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/44536"
            },
            {
              "name": "TA10-348A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA10-348A.html"
            },
            {
              "name": "MS10-090",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-090"
            },
            {
              "name": "VU#899748",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/899748"
            },
            {
              "name": "42091",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/42091"
            },
            {
              "name": "ADV-2010-2880",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/2880"
            },
            {
              "name": "http://www.microsoft.com/technet/security/advisory/2458511.mspx",
              "refsource": "CONFIRM",
              "url": "http://www.microsoft.com/technet/security/advisory/2458511.mspx"
            },
            {
              "name": "1024676",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1024676"
            },
            {
              "name": "15421",
              "refsource": "EXPLOIT-DB",
              "url": "http://www.exploit-db.com/exploits/15421"
            },
            {
              "name": "http://www.symantec.com/connect/blogs/new-ie-0-day-used-targeted-attacks",
              "refsource": "MISC",
              "url": "http://www.symantec.com/connect/blogs/new-ie-0-day-used-targeted-attacks"
            },
            {
              "name": "ms-ie-flag-code-execution(62962)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62962"
            },
            {
              "name": "http://blogs.technet.com/b/msrc/archive/2010/11/02/microsoft-releases-security-advisory-2458511.aspx",
              "refsource": "CONFIRM",
              "url": "http://blogs.technet.com/b/msrc/archive/2010/11/02/microsoft-releases-security-advisory-2458511.aspx"
            },
            {
              "name": "oval:org.mitre.oval:def:12279",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12279"
            },
            {
              "name": "15418",
              "refsource": "EXPLOIT-DB",
              "url": "http://www.exploit-db.com/exploits/15418"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2010-3962",
    "datePublished": "2010-11-05T16:28:00.000Z",
    "dateReserved": "2010-10-14T00:00:00.000Z",
    "dateUpdated": "2025-10-22T00:05:51.096Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2010-3962",
      "dateAdded": "2025-10-06",
      "dueDate": "2025-10-27",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": "https://learn.microsoft.com/en-us/security-updates/SecurityAdvisories/2010/2458511?redirectedfrom=MSDN ; https://nvd.nist.gov/vuln/detail/CVE-2010-3962",
      "product": "Internet Explorer",
      "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
      "shortDescription": "Microsoft Internet Explorer contains an uninitialized memory corruption vulnerability that could allow for remote code execution. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.",
      "vendorProject": "Microsoft",
      "vulnerabilityName": "Microsoft Internet Explorer Uninitialized Memory Corruption Vulnerability"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2010-3962\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2010-11-05T17:00:02.890\",\"lastModified\":\"2025-10-22T01:15:39.307\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an \\\"invalid flag reference\\\" issue or \\\"Uninitialized Memory Corruption Vulnerability,\\\" as exploited in the wild in November 2010.\"},{\"lang\":\"es\",\"value\":\"La vulnerabilidad de Uso de la Memoria Previamente Liberada en Microsoft Internet Explorer versiones 6, 7 y 8 permite a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de vectores relacionados con secuencias de tokens de Hojas de Estilo en Cascada (CSS) y el atributo de clip, tambi\u00e9n se conoce como un problema \\\"invalid flag reference\\\" o \\\"Uninitialized Memory Corruption Vulnerability,\\\" tal y como se explot\u00f3 \\\"in the wild\\\" en noviembre 2010.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"cisaExploitAdd\":\"2025-10-06\",\"cisaActionDue\":\"2025-10-27\",\"cisaRequiredAction\":\"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.\",\"cisaVulnerabilityName\":\"Microsoft Internet Explorer Uninitialized Memory Corruption Vulnerability\",\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"693D3C1C-E3E4-49DB-9A13-44ADDFF82507\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D929AA2-EE0B-4AA1-805D-69BCCA11B77F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:x64:*\",\"matchCriteriaId\":\"BADB0479-3E0E-4326-B568-9DBDCACF0B5E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"C9392D35-7BF5-48E9-879B-BBDE9A9E9AB9\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A33FA7F-BB2A-4C66-B608-72997A2BD1DB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D929AA2-EE0B-4AA1-805D-69BCCA11B77F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:-:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2EE0AD3-2ADC-480E-B03E-06962EC4F095\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F422A8C-2C4E-42C8-B420-E0728037E15C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"3A04E39A-623E-45CA-A5FC-25DAA0F275A3\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"BF1AD1A1-EE20-4BCE-9EE6-84B27139811C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:x64:*\",\"matchCriteriaId\":\"C6109348-BC79-4ED3-8D41-EA546A540C79\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"C9392D35-7BF5-48E9-879B-BBDE9A9E9AB9\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A52E757F-9B41-43B4-9D67-3FEDACA71283\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E33796DB-4523-4F04-B564-ADF030553D51\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D929AA2-EE0B-4AA1-805D-69BCCA11B77F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:-:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2EE0AD3-2ADC-480E-B03E-06962EC4F095\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F422A8C-2C4E-42C8-B420-E0728037E15C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36559BC0-44D7-48B3-86FF-1BFF0257B5ED\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"3A04E39A-623E-45CA-A5FC-25DAA0F275A3\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"BF1AD1A1-EE20-4BCE-9EE6-84B27139811C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:x64:*\",\"matchCriteriaId\":\"C6109348-BC79-4ED3-8D41-EA546A540C79\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"C9392D35-7BF5-48E9-879B-BBDE9A9E9AB9\"}]}]}],\"references\":[{\"url\":\"http://blogs.technet.com/b/msrc/archive/2010/11/02/microsoft-releases-security-advisory-2458511.aspx\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/42091\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Broken Link\",\"Vendor Advisory\"]},{\"url\":\"http://www.exploit-db.com/exploits/15418\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.exploit-db.com/exploits/15421\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/899748\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.microsoft.com/technet/security/advisory/2458511.mspx\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/44536\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id?1024676\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.symantec.com/connect/blogs/new-ie-0-day-used-targeted-attacks\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA10-348A.html\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/2880\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Broken Link\",\"Vendor Advisory\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-090\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/62962\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12279\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Tool Signature\"]},{\"url\":\"http://blogs.technet.com/b/msrc/archive/2010/11/02/microsoft-releases-security-advisory-2458511.aspx\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/42091\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Vendor Advisory\"]},{\"url\":\"http://www.exploit-db.com/exploits/15418\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.exploit-db.com/exploits/15421\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/899748\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.microsoft.com/technet/security/advisory/2458511.mspx\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/44536\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id?1024676\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.symantec.com/connect/blogs/new-ie-0-day-used-targeted-attacks\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA10-348A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/2880\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Vendor Advisory\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-090\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/62962\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12279\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Tool Signature\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-3962\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\"}]}}",
    "vulnrichment": {
      "containers": "{\"cna\": {\"affected\": [{\"product\": \"n/a\", \"vendor\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"datePublic\": \"2010-11-02T00:00:00.000Z\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an \\\"invalid flag reference\\\" issue or \\\"Uninitialized Memory Corruption Vulnerability,\\\" as exploited in the wild in November 2010.\"}], \"problemTypes\": [{\"descriptions\": [{\"description\": \"n/a\", \"lang\": \"en\", \"type\": \"text\"}]}], \"providerMetadata\": {\"dateUpdated\": \"2018-10-12T19:57:01.000Z\", \"orgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"shortName\": \"microsoft\"}, \"references\": [{\"name\": \"44536\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\"], \"url\": \"http://www.securityfocus.com/bid/44536\"}, {\"name\": \"TA10-348A\", \"tags\": [\"third-party-advisory\", \"x_refsource_CERT\"], \"url\": \"http://www.us-cert.gov/cas/techalerts/TA10-348A.html\"}, {\"name\": \"MS10-090\", \"tags\": [\"vendor-advisory\", \"x_refsource_MS\"], \"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-090\"}, {\"name\": \"VU#899748\", \"tags\": [\"third-party-advisory\", \"x_refsource_CERT-VN\"], \"url\": \"http://www.kb.cert.org/vuls/id/899748\"}, {\"name\": \"42091\", \"tags\": [\"third-party-advisory\", \"x_refsource_SECUNIA\"], \"url\": \"http://secunia.com/advisories/42091\"}, {\"name\": \"ADV-2010-2880\", \"tags\": [\"vdb-entry\", \"x_refsource_VUPEN\"], \"url\": \"http://www.vupen.com/english/advisories/2010/2880\"}, {\"tags\": [\"x_refsource_CONFIRM\"], \"url\": \"http://www.microsoft.com/technet/security/advisory/2458511.mspx\"}, {\"name\": \"1024676\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\"], \"url\": \"http://www.securitytracker.com/id?1024676\"}, {\"name\": \"15421\", \"tags\": [\"exploit\", \"x_refsource_EXPLOIT-DB\"], \"url\": \"http://www.exploit-db.com/exploits/15421\"}, {\"tags\": [\"x_refsource_MISC\"], \"url\": \"http://www.symantec.com/connect/blogs/new-ie-0-day-used-targeted-attacks\"}, {\"name\": \"ms-ie-flag-code-execution(62962)\", \"tags\": [\"vdb-entry\", \"x_refsource_XF\"], \"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/62962\"}, {\"tags\": [\"x_refsource_CONFIRM\"], \"url\": \"http://blogs.technet.com/b/msrc/archive/2010/11/02/microsoft-releases-security-advisory-2458511.aspx\"}, {\"name\": \"oval:org.mitre.oval:def:12279\", \"tags\": [\"vdb-entry\", \"signature\", \"x_refsource_OVAL\"], \"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12279\"}, {\"name\": \"15418\", \"tags\": [\"exploit\", \"x_refsource_EXPLOIT-DB\"], \"url\": \"http://www.exploit-db.com/exploits/15418\"}], \"x_legacyV4Record\": {\"CVE_data_meta\": {\"ASSIGNER\": \"secure@microsoft.com\", \"ID\": \"CVE-2010-3962\", \"STATE\": \"PUBLIC\"}, \"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"product_name\": \"n/a\", \"version\": {\"version_data\": [{\"version_value\": \"n/a\"}]}}]}, \"vendor_name\": \"n/a\"}]}}, \"data_format\": \"MITRE\", \"data_type\": \"CVE\", \"data_version\": \"4.0\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an \\\"invalid flag reference\\\" issue or \\\"Uninitialized Memory Corruption Vulnerability,\\\" as exploited in the wild in November 2010.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"n/a\"}]}]}, \"references\": {\"reference_data\": [{\"name\": \"44536\", \"refsource\": \"BID\", \"url\": \"http://www.securityfocus.com/bid/44536\"}, {\"name\": \"TA10-348A\", \"refsource\": \"CERT\", \"url\": \"http://www.us-cert.gov/cas/techalerts/TA10-348A.html\"}, {\"name\": \"MS10-090\", \"refsource\": \"MS\", \"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-090\"}, {\"name\": \"VU#899748\", \"refsource\": \"CERT-VN\", \"url\": \"http://www.kb.cert.org/vuls/id/899748\"}, {\"name\": \"42091\", \"refsource\": \"SECUNIA\", \"url\": \"http://secunia.com/advisories/42091\"}, {\"name\": \"ADV-2010-2880\", \"refsource\": \"VUPEN\", \"url\": \"http://www.vupen.com/english/advisories/2010/2880\"}, {\"name\": \"http://www.microsoft.com/technet/security/advisory/2458511.mspx\", \"refsource\": \"CONFIRM\", \"url\": \"http://www.microsoft.com/technet/security/advisory/2458511.mspx\"}, {\"name\": \"1024676\", \"refsource\": \"SECTRACK\", \"url\": \"http://www.securitytracker.com/id?1024676\"}, {\"name\": \"15421\", \"refsource\": \"EXPLOIT-DB\", \"url\": \"http://www.exploit-db.com/exploits/15421\"}, {\"name\": \"http://www.symantec.com/connect/blogs/new-ie-0-day-used-targeted-attacks\", \"refsource\": \"MISC\", \"url\": \"http://www.symantec.com/connect/blogs/new-ie-0-day-used-targeted-attacks\"}, {\"name\": \"ms-ie-flag-code-execution(62962)\", \"refsource\": \"XF\", \"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/62962\"}, {\"name\": \"http://blogs.technet.com/b/msrc/archive/2010/11/02/microsoft-releases-security-advisory-2458511.aspx\", \"refsource\": \"CONFIRM\", \"url\": \"http://blogs.technet.com/b/msrc/archive/2010/11/02/microsoft-releases-security-advisory-2458511.aspx\"}, {\"name\": \"oval:org.mitre.oval:def:12279\", \"refsource\": \"OVAL\", \"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12279\"}, {\"name\": \"15418\", \"refsource\": \"EXPLOIT-DB\", \"url\": \"http://www.exploit-db.com/exploits/15418\"}]}}}, \"adp\": [{\"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-07T03:26:12.283Z\"}, \"title\": \"CVE Program Container\", \"references\": [{\"name\": \"44536\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\", \"x_transferred\"], \"url\": \"http://www.securityfocus.com/bid/44536\"}, {\"name\": \"TA10-348A\", \"tags\": [\"third-party-advisory\", \"x_refsource_CERT\", \"x_transferred\"], \"url\": \"http://www.us-cert.gov/cas/techalerts/TA10-348A.html\"}, {\"name\": \"MS10-090\", \"tags\": [\"vendor-advisory\", \"x_refsource_MS\", \"x_transferred\"], \"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-090\"}, {\"name\": \"VU#899748\", \"tags\": [\"third-party-advisory\", \"x_refsource_CERT-VN\", \"x_transferred\"], \"url\": \"http://www.kb.cert.org/vuls/id/899748\"}, {\"name\": \"42091\", \"tags\": [\"third-party-advisory\", \"x_refsource_SECUNIA\", \"x_transferred\"], \"url\": \"http://secunia.com/advisories/42091\"}, {\"name\": \"ADV-2010-2880\", \"tags\": [\"vdb-entry\", \"x_refsource_VUPEN\", \"x_transferred\"], \"url\": \"http://www.vupen.com/english/advisories/2010/2880\"}, {\"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"], \"url\": \"http://www.microsoft.com/technet/security/advisory/2458511.mspx\"}, {\"name\": \"1024676\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\", \"x_transferred\"], \"url\": \"http://www.securitytracker.com/id?1024676\"}, {\"name\": \"15421\", \"tags\": [\"exploit\", \"x_refsource_EXPLOIT-DB\", \"x_transferred\"], \"url\": \"http://www.exploit-db.com/exploits/15421\"}, {\"tags\": [\"x_refsource_MISC\", \"x_transferred\"], \"url\": \"http://www.symantec.com/connect/blogs/new-ie-0-day-used-targeted-attacks\"}, {\"name\": \"ms-ie-flag-code-execution(62962)\", \"tags\": [\"vdb-entry\", \"x_refsource_XF\", \"x_transferred\"], \"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/62962\"}, {\"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"], \"url\": \"http://blogs.technet.com/b/msrc/archive/2010/11/02/microsoft-releases-security-advisory-2458511.aspx\"}, {\"name\": \"oval:org.mitre.oval:def:12279\", \"tags\": [\"vdb-entry\", \"signature\", \"x_refsource_OVAL\", \"x_transferred\"], \"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12279\"}, {\"name\": \"15418\", \"tags\": [\"exploit\", \"x_refsource_EXPLOIT-DB\", \"x_transferred\"], \"url\": \"http://www.exploit-db.com/exploits/15418\"}]}, {\"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2010-3962\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-10-04T03:55:26.935049Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2025-10-06\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-3962\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-416\", \"description\": \"CWE-416 Use After Free\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-10-03T14:51:19.126Z\"}, \"timeline\": [{\"time\": \"2025-10-06T00:00:00+00:00\", \"lang\": \"en\", \"value\": \"CVE-2010-3962 added to CISA KEV\"}], \"title\": \"CISA ADP Vulnrichment\"}]}",
      "cveMetadata": "{\"assignerOrgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"assignerShortName\": \"microsoft\", \"cveId\": \"CVE-2010-3962\", \"datePublished\": \"2010-11-05T16:28:00.000Z\", \"dateReserved\": \"2010-10-14T00:00:00.000Z\", \"dateUpdated\": \"2025-10-21T20:04:22.955Z\", \"state\": \"PUBLISHED\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTA-2010-AVI-593

Vulnerability from certfr_avis

Plusieurs vulnérabilités dans Internet Explorer permettent l'exécution de code arbitraire à distance ou des fuites de données.

Description

Plusieurs vulnérabilités dans Internet Explorer permettent l'exécution de code arbitraire à distance ou des fuites de données, notamment des erreurs de traitement des objets et éléments HTML permettent l'exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Windows	Internet Explorer 6 sur Windows Server 2003 SP2 ;
Microsoft	Windows	Internet Explorer 7 sur Windows Server 2003 x64 SP2 ;
Microsoft	Windows	Internet Explorer 7 sur Windows Vista SP1 et SP2 ;
Microsoft	Windows	Internet Explorer 7 sur Windows Server 2008 x64 SP2 ;
Microsoft	Windows	Internet Explorer 6 sur Windows Server 2003 x64 SP2 ;
Microsoft	Windows	Internet Explorer 6 sur Windows XP SP3 ;
Microsoft	Windows	Internet Explorer 8 sur Windows Server 2008 SP2 ;
Microsoft	Windows	Internet Explorer 6 sur Windows XP x64 SP2 ;
Microsoft	Windows	Internet Explorer 6 sur Windows Server 2003 Itanium SP2 ;
Microsoft	Windows	Internet Explorer 8 sur Windows Server 2003 x64 SP2 ;
Microsoft	Windows	Internet Explorer 8 sur Windows XP SP3 ;
Microsoft	Windows	Internet Explorer 7 sur Windows Server 2003 SP2 ;
Microsoft	Windows	Internet Explorer 7 sur Windows Server 2008 Itanium ;
Microsoft	Windows	Internet Explorer 7 sur Windows Server 2008 Itanium SP2 ;
Microsoft	Windows	Internet Explorer 8 sur Windows Server 2008 x64 SP2 ;
Microsoft	Windows	Internet Explorer 7 sur Windows Vista x64 SP1 et SP2 ;
Microsoft	Windows	Internet Explorer 7 sur Windows Server 2008 SP2 ;
Microsoft	Windows	Internet Explorer 8 sur Windows Server 2008 ;
Microsoft	Windows	Internet Explorer 8 sur Windows Vista x64 SP1 et SP2 ;
Microsoft	Windows	Internet Explorer 8 sur Windows 7 32 bits et 64 bits ;
Microsoft	Windows	Internet Explorer 7 sur Windows Server 2003 Itanium SP2 ;
Microsoft	Windows	Internet Explorer 7 sur Windows XP SP3 ;
Microsoft	Windows	Internet Explorer 7 sur Windows XP x64 SP2 ;
Microsoft	Windows	Internet Explorer 7 sur Windows Server 2008 x64 ;
Microsoft	Windows	Internet Explorer 8 sur Windows Server 2003 SP2 ;
Microsoft	Windows	Internet Explorer 8 sur Windows Vista SP1 et SP2 ;
Microsoft	Windows	Internet Explorer 8 sur Windows Server 2008 r2 x64 et Itanium.
Microsoft	Windows	Internet Explorer 8 sur Windows XP x64 SP2 ;
Microsoft	Windows	Internet Explorer 8 sur Windows Server 2008 x64 ;
Microsoft	Windows	Internet Explorer 7 sur Windows Server 2008 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS10-090 du 14 décembre 2010

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Internet Explorer 6 sur Windows Server 2003 SP2 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Internet Explorer 7 sur Windows Server 2003 x64 SP2 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Internet Explorer 7 sur Windows Vista SP1 et SP2 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Internet Explorer 7 sur Windows Server 2008 x64 SP2 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Internet Explorer 6 sur Windows Server 2003 x64 SP2 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Internet Explorer 6 sur Windows XP SP3 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Internet Explorer 8 sur Windows Server 2008 SP2 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Internet Explorer 6 sur Windows XP x64 SP2 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Internet Explorer 6 sur Windows Server 2003 Itanium SP2 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Internet Explorer 8 sur Windows Server 2003 x64 SP2 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Internet Explorer 8 sur Windows XP SP3 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Internet Explorer 7 sur Windows Server 2003 SP2 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Internet Explorer 7 sur Windows Server 2008 Itanium ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Internet Explorer 7 sur Windows Server 2008 Itanium SP2 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Internet Explorer 8 sur Windows Server 2008 x64 SP2 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Internet Explorer 7 sur Windows Vista x64 SP1 et SP2 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Internet Explorer 7 sur Windows Server 2008 SP2 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Internet Explorer 8 sur Windows Server 2008 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Internet Explorer 8 sur Windows Vista x64 SP1 et SP2 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Internet Explorer 8 sur Windows 7 32 bits et 64 bits ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Internet Explorer 7 sur Windows Server 2003 Itanium SP2 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Internet Explorer 7 sur Windows XP SP3 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Internet Explorer 7 sur Windows XP x64 SP2 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Internet Explorer 7 sur Windows Server 2008 x64 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Internet Explorer 8 sur Windows Server 2003 SP2 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Internet Explorer 8 sur Windows Vista SP1 et SP2 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Internet Explorer 8 sur Windows Server 2008 r2 x64 et Itanium.",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Internet Explorer 8 sur Windows XP x64 SP2 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Internet Explorer 8 sur Windows Server 2008 x64 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Internet Explorer 7 sur Windows Server 2008 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s dans Internet Explorer permettent l\u0027ex\u00e9cution\nde code arbitraire \u00e0 distance ou des fuites de donn\u00e9es, notamment des\nerreurs de traitement des objets et \u00e9l\u00e9ments HTML permettent l\u0027ex\u00e9cution\nde code arbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-3348",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3348"
    },
    {
      "name": "CVE-2010-3340",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3340"
    },
    {
      "name": "CVE-2010-3345",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3345"
    },
    {
      "name": "CVE-2010-3346",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3346"
    },
    {
      "name": "CVE-2010-3342",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3342"
    },
    {
      "name": "CVE-2010-3343",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3343"
    },
    {
      "name": "CVE-2010-3962",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3962"
    }
  ],
  "initial_release_date": "2010-12-15T00:00:00",
  "last_revision_date": "2010-12-15T00:00:00",
  "links": [],
  "reference": "CERTA-2010-AVI-593",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-12-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s dans Internet Explorer permettent l\u0027ex\u00e9cution\nde code arbitraire \u00e0 distance ou des fuites de donn\u00e9es.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans Microsoft Internet Explorer",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS10-090 du 14 d\u00e9cembre 2010",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS10-090.mspx"
    }
  ]
}

CERTA-2010-ALE-019

Vulnerability from certfr_alerte

Une vulnérabilité a été corrigée dans Microsoft Internet Explorer, elle permet à un utilisateur distant de provoquer un déni de service ou d'exécuter du code arbitraire.

Description

Une vulnérabilité relative à la gestion de certains drapeaux est présente dans Microsoft Internet Explorer. Elle permet à un utilisateur distant de provoquer un déni de service ou d'executer du code arbitraire par le biais d'une page web construite de façon particulière.

Contournement provisoire

Afin de contourner le problème :

Il est possible de surcharger la feuille de style utilisée par défaut pour afficher les pages web :
- créer un fichier moncss.css contenant :
- dans Internet Explorer, cliquer sur Outils puis Options Internet ;
- cocher la case Mettre les documents en forme en utilisant ma feuille de style ;
- avec le bouton parcourir selectionner le fichier préalablement créé : moncss.css.
- Utiliser un navigateur alternatif ne s'appuyant pas sur le moteur de rendu de Internet Explorer comme Firefox, Opera, Safari ou Chrome.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	Microsoft Internet Explorer 8.
Microsoft	N/A	Microsoft Internet Explorer 7 ;
Microsoft	N/A	Microsoft Internet Explorer 6 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft n°2458511 du 03 novembre 2010	None	vendor-advisory
Bulletin de sécurité Microsoft MS10-090 du 14 décembre 2010 :	-	other
Bulletin de sécurité Microsoft MS10-090 du 14 décembre 2010 :	-	other
Bulletin de sécurité Microsoft n°2458511 du 03 novembre 2010 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Internet Explorer 8.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Internet Explorer 7 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Internet Explorer 6 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "closed_at": "2010-12-17",
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 relative \u00e0 la gestion de certains drapeaux est\npr\u00e9sente dans Microsoft Internet Explorer. Elle permet \u00e0 un utilisateur\ndistant de provoquer un d\u00e9ni de service ou d\u0027executer du code arbitraire\npar le biais d\u0027une page web construite de fa\u00e7on particuli\u00e8re.\n\n## Contournement provisoire\n\nAfin de contourner le probl\u00e8me :\n\n-   Il est possible de surcharger la feuille de style utilis\u00e9e par\n    d\u00e9faut pour afficher les pages web :\n    -   cr\u00e9er un fichier moncss.css contenant :  \n          \n    -   dans Internet Explorer, cliquer sur \u003cspan\n        class=\"textbf\"\u003eOutils\u003c/span\u003e puis \u003cspan class=\"textbf\"\u003eOptions\n        Internet\u003c/span\u003e ;\n    -   cocher la case \u003cspan class=\"textbf\"\u003eMettre les documents en\n        forme en utilisant ma feuille de style\u003c/span\u003e ;\n    -   avec le bouton \u003cspan class=\"textbf\"\u003eparcourir\u003c/span\u003e\n        selectionner le fichier pr\u00e9alablement cr\u00e9\u00e9 : moncss.css.\n-   Utiliser un navigateur alternatif ne s\u0027appuyant pas sur le moteur de\n    rendu de Internet Explorer comme Firefox, Opera, Safari ou Chrome.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-3962",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3962"
    }
  ],
  "initial_release_date": "2010-11-03T00:00:00",
  "last_revision_date": "2010-12-17T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS10-090 du 14 d\u00e9cembre 2010    :",
      "url": "http://www.microsoft.com/france/technet/security/Bulletin/MS10-090.mspx"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS10-090 du 14 d\u00e9cembre 2010    :",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS10-090.mspx"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft n\u00b02458511 du 03 novembre    2010 :",
      "url": "http://www.microsoft.com/technet/security/advisory/2458511.mspx"
    }
  ],
  "reference": "CERTA-2010-ALE-019",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-11-03T00:00:00.000000"
    },
    {
      "description": "ajout de la r\u00e9f\u00e9rence au correctif.",
      "revision_date": "2010-12-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans Microsoft Internet Explorer, elle\npermet \u00e0 un utilisateur distant de provoquer un d\u00e9ni de service ou\nd\u0027ex\u00e9cuter du code arbitraire.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Microsoft Internet Explorer",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft n\u00b02458511 du 03 novembre 2010",
      "url": null
    }
  ]
}

ghsa-cmh7-cfjq-p92g

Vulnerability from github

Published

2022-05-13 01:03

Modified

2025-10-22 03:30

Severity ?

8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2010-3962"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2010-11-05T17:00:00Z",
    "severity": "HIGH"
  },
  "details": "Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an \"invalid flag reference\" issue or \"Uninitialized Memory Corruption Vulnerability,\" as exploited in the wild in November 2010.",
  "id": "GHSA-cmh7-cfjq-p92g",
  "modified": "2025-10-22T03:30:28Z",
  "published": "2022-05-13T01:03:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3962"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-090"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62962"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12279"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-3962"
    },
    {
      "type": "WEB",
      "url": "http://blogs.technet.com/b/msrc/archive/2010/11/02/microsoft-releases-security-advisory-2458511.aspx"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/42091"
    },
    {
      "type": "WEB",
      "url": "http://www.exploit-db.com/exploits/15418"
    },
    {
      "type": "WEB",
      "url": "http://www.exploit-db.com/exploits/15421"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/899748"
    },
    {
      "type": "WEB",
      "url": "http://www.microsoft.com/technet/security/advisory/2458511.mspx"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/44536"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1024676"
    },
    {
      "type": "WEB",
      "url": "http://www.symantec.com/connect/blogs/new-ie-0-day-used-targeted-attacks"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA10-348A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2010/2880"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

fkie_cve-2010-3962

Vulnerability from fkie_nvd

Published

2010-11-05 17:00

Modified

2025-10-22 01:15

Severity ?

8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
secure@microsoft.com	http://blogs.technet.com/b/msrc/archive/2010/11/02/microsoft-releases-security-advisory-2458511.aspx	Vendor Advisory
secure@microsoft.com	http://secunia.com/advisories/42091	Broken Link, Vendor Advisory
secure@microsoft.com	http://www.exploit-db.com/exploits/15418	Third Party Advisory, VDB Entry
secure@microsoft.com	http://www.exploit-db.com/exploits/15421	Third Party Advisory, VDB Entry
secure@microsoft.com	http://www.kb.cert.org/vuls/id/899748	Third Party Advisory, US Government Resource
secure@microsoft.com	http://www.microsoft.com/technet/security/advisory/2458511.mspx	Patch, Vendor Advisory
secure@microsoft.com	http://www.securityfocus.com/bid/44536	Broken Link, Third Party Advisory, VDB Entry
secure@microsoft.com	http://www.securitytracker.com/id?1024676	Broken Link, Third Party Advisory, VDB Entry
secure@microsoft.com	http://www.symantec.com/connect/blogs/new-ie-0-day-used-targeted-attacks	Not Applicable
secure@microsoft.com	http://www.us-cert.gov/cas/techalerts/TA10-348A.html	Third Party Advisory, US Government Resource
secure@microsoft.com	http://www.vupen.com/english/advisories/2010/2880	Broken Link, Vendor Advisory
secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-090	Patch, Vendor Advisory
secure@microsoft.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/62962	Third Party Advisory, VDB Entry
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12279	Tool Signature
af854a3a-2127-422b-91ae-364da2661108	http://blogs.technet.com/b/msrc/archive/2010/11/02/microsoft-releases-security-advisory-2458511.aspx	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/42091	Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.exploit-db.com/exploits/15418	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.exploit-db.com/exploits/15421	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/899748	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.microsoft.com/technet/security/advisory/2458511.mspx	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/44536	Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1024676	Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.symantec.com/connect/blogs/new-ie-0-day-used-targeted-attacks	Not Applicable
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA10-348A.html	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/2880	Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-090	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/62962	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12279	Tool Signature
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-3962

Impacted products

Vendor	Product	Version
microsoft	internet_explorer	6
microsoft	windows_server_2003	-
microsoft	windows_xp	-
microsoft	windows_xp	-
microsoft	internet_explorer	7
microsoft	windows_server_2003	-
microsoft	windows_server_2008	-
microsoft	windows_server_2008	-
microsoft	windows_vista	-
microsoft	windows_vista	-
microsoft	windows_xp	-
microsoft	windows_xp	-
microsoft	internet_explorer	8
microsoft	windows_7	-
microsoft	windows_server_2003	-
microsoft	windows_server_2008	-
microsoft	windows_server_2008	-
microsoft	windows_server_2008	r2
microsoft	windows_vista	-
microsoft	windows_vista	-
microsoft	windows_xp	-
microsoft	windows_xp	-

JSON

To clipboard

{
  "cisaActionDue": "2025-10-27",
  "cisaExploitAdd": "2025-10-06",
  "cisaRequiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
  "cisaVulnerabilityName": "Microsoft Internet Explorer Uninitialized Memory Corruption Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*",
              "matchCriteriaId": "693D3C1C-E3E4-49DB-9A13-44ADDFF82507",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "1D929AA2-EE0B-4AA1-805D-69BCCA11B77F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:x64:*",
              "matchCriteriaId": "BADB0479-3E0E-4326-B568-9DBDCACF0B5E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "C9392D35-7BF5-48E9-879B-BBDE9A9E9AB9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A33FA7F-BB2A-4C66-B608-72997A2BD1DB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "1D929AA2-EE0B-4AA1-805D-69BCCA11B77F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:-:*:*:*:*:*:*",
              "matchCriteriaId": "C2EE0AD3-2ADC-480E-B03E-06962EC4F095",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "3A04E39A-623E-45CA-A5FC-25DAA0F275A3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "BF1AD1A1-EE20-4BCE-9EE6-84B27139811C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:x64:*",
              "matchCriteriaId": "C6109348-BC79-4ED3-8D41-EA546A540C79",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "C9392D35-7BF5-48E9-879B-BBDE9A9E9AB9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:*",
              "matchCriteriaId": "A52E757F-9B41-43B4-9D67-3FEDACA71283",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E33796DB-4523-4F04-B564-ADF030553D51",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "1D929AA2-EE0B-4AA1-805D-69BCCA11B77F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:-:*:*:*:*:*:*",
              "matchCriteriaId": "C2EE0AD3-2ADC-480E-B03E-06962EC4F095",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:*:*",
              "matchCriteriaId": "36559BC0-44D7-48B3-86FF-1BFF0257B5ED",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "3A04E39A-623E-45CA-A5FC-25DAA0F275A3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "BF1AD1A1-EE20-4BCE-9EE6-84B27139811C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:x64:*",
              "matchCriteriaId": "C6109348-BC79-4ED3-8D41-EA546A540C79",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "C9392D35-7BF5-48E9-879B-BBDE9A9E9AB9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an \"invalid flag reference\" issue or \"Uninitialized Memory Corruption Vulnerability,\" as exploited in the wild in November 2010."
    },
    {
      "lang": "es",
      "value": "La vulnerabilidad de Uso de la Memoria Previamente Liberada en Microsoft Internet Explorer versiones 6, 7 y 8 permite a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de vectores relacionados con secuencias de tokens de Hojas de Estilo en Cascada (CSS) y el atributo de clip, tambi\u00e9n se conoce como un problema \"invalid flag reference\" o \"Uninitialized Memory Corruption Vulnerability,\" tal y como se explot\u00f3 \"in the wild\" en noviembre 2010."
    }
  ],
  "id": "CVE-2010-3962",
  "lastModified": "2025-10-22T01:15:39.307",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2010-11-05T17:00:02.890",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://blogs.technet.com/b/msrc/archive/2010/11/02/microsoft-releases-security-advisory-2458511.aspx"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/42091"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.exploit-db.com/exploits/15418"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.exploit-db.com/exploits/15421"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/899748"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.microsoft.com/technet/security/advisory/2458511.mspx"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/44536"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id?1024676"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Not Applicable"
      ],
      "url": "http://www.symantec.com/connect/blogs/new-ie-0-day-used-targeted-attacks"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA10-348A.html"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/2880"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-090"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62962"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Tool Signature"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12279"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://blogs.technet.com/b/msrc/archive/2010/11/02/microsoft-releases-security-advisory-2458511.aspx"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/42091"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.exploit-db.com/exploits/15418"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.exploit-db.com/exploits/15421"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/899748"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.microsoft.com/technet/security/advisory/2458511.mspx"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/44536"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id?1024676"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Not Applicable"
      ],
      "url": "http://www.symantec.com/connect/blogs/new-ie-0-day-used-targeted-attacks"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA10-348A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/2880"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-090"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62962"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Tool Signature"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12279"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-3962"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-416"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-416"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

gsd-2010-3962

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2010-3962

Aliases

CVE-2010-3962

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2010-3962",
    "description": "Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an \"invalid flag reference\" issue or \"Uninitialized Memory Corruption Vulnerability,\" as exploited in the wild in November 2010.",
    "id": "GSD-2010-3962",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2010-3962"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2010-3962"
      ],
      "details": "Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an \"invalid flag reference\" issue or \"Uninitialized Memory Corruption Vulnerability,\" as exploited in the wild in November 2010.",
      "id": "GSD-2010-3962",
      "modified": "2023-12-13T01:21:34.710602Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2010-3962",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an \"invalid flag reference\" issue or \"Uninitialized Memory Corruption Vulnerability,\" as exploited in the wild in November 2010."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "44536",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/44536"
          },
          {
            "name": "TA10-348A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA10-348A.html"
          },
          {
            "name": "MS10-090",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-090"
          },
          {
            "name": "VU#899748",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/899748"
          },
          {
            "name": "42091",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/42091"
          },
          {
            "name": "ADV-2010-2880",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2010/2880"
          },
          {
            "name": "http://www.microsoft.com/technet/security/advisory/2458511.mspx",
            "refsource": "CONFIRM",
            "url": "http://www.microsoft.com/technet/security/advisory/2458511.mspx"
          },
          {
            "name": "1024676",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1024676"
          },
          {
            "name": "15421",
            "refsource": "EXPLOIT-DB",
            "url": "http://www.exploit-db.com/exploits/15421"
          },
          {
            "name": "http://www.symantec.com/connect/blogs/new-ie-0-day-used-targeted-attacks",
            "refsource": "MISC",
            "url": "http://www.symantec.com/connect/blogs/new-ie-0-day-used-targeted-attacks"
          },
          {
            "name": "ms-ie-flag-code-execution(62962)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62962"
          },
          {
            "name": "http://blogs.technet.com/b/msrc/archive/2010/11/02/microsoft-releases-security-advisory-2458511.aspx",
            "refsource": "CONFIRM",
            "url": "http://blogs.technet.com/b/msrc/archive/2010/11/02/microsoft-releases-security-advisory-2458511.aspx"
          },
          {
            "name": "oval:org.mitre.oval:def:12279",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12279"
          },
          {
            "name": "15418",
            "refsource": "EXPLOIT-DB",
            "url": "http://www.exploit-db.com/exploits/15418"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:x64:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:-:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:x64:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:-:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:x64:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2010-3962"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an \"invalid flag reference\" issue or \"Uninitialized Memory Corruption Vulnerability,\" as exploited in the wild in November 2010."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-416"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.symantec.com/connect/blogs/new-ie-0-day-used-targeted-attacks",
              "refsource": "MISC",
              "tags": [
                "Not Applicable"
              ],
              "url": "http://www.symantec.com/connect/blogs/new-ie-0-day-used-targeted-attacks"
            },
            {
              "name": "http://blogs.technet.com/b/msrc/archive/2010/11/02/microsoft-releases-security-advisory-2458511.aspx",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://blogs.technet.com/b/msrc/archive/2010/11/02/microsoft-releases-security-advisory-2458511.aspx"
            },
            {
              "name": "http://www.microsoft.com/technet/security/advisory/2458511.mspx",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.microsoft.com/technet/security/advisory/2458511.mspx"
            },
            {
              "name": "1024676",
              "refsource": "SECTRACK",
              "tags": [
                "Broken Link",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id?1024676"
            },
            {
              "name": "VU#899748",
              "refsource": "CERT-VN",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/899748"
            },
            {
              "name": "ADV-2010-2880",
              "refsource": "VUPEN",
              "tags": [
                "Broken Link",
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2010/2880"
            },
            {
              "name": "42091",
              "refsource": "SECUNIA",
              "tags": [
                "Broken Link",
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/42091"
            },
            {
              "name": "44536",
              "refsource": "BID",
              "tags": [
                "Broken Link",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/44536"
            },
            {
              "name": "TA10-348A",
              "refsource": "CERT",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA10-348A.html"
            },
            {
              "name": "15418",
              "refsource": "EXPLOIT-DB",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.exploit-db.com/exploits/15418"
            },
            {
              "name": "15421",
              "refsource": "EXPLOIT-DB",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.exploit-db.com/exploits/15421"
            },
            {
              "name": "ms-ie-flag-code-execution(62962)",
              "refsource": "XF",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62962"
            },
            {
              "name": "oval:org.mitre.oval:def:12279",
              "refsource": "OVAL",
              "tags": [
                "Tool Signature"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12279"
            },
            {
              "name": "MS10-090",
              "refsource": "MS",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-090"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2022-02-28T19:15Z",
      "publishedDate": "2010-11-05T17:00Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2010-3962 (GCVE-0-2010-3962)

Vulnerability from cvelistv5

CISA Known Exploited Vulnerability

Data from the CISA Known Exploited Vulnerabilities Catalog

CERTA-2010-AVI-593

Vulnerability from certfr_avis

Description

Solution

CERTA-2010-ALE-019

Vulnerability from certfr_alerte

Description

Contournement provisoire

Solution

ghsa-cmh7-cfjq-p92g

Vulnerability from github

fkie_cve-2010-3962

Vulnerability from fkie_nvd

gsd-2010-3962

Vulnerability from gsd

Tags

Sightings

Nomenclature