cvelistv5 - CVE-2010-3971

CVE-2010-3971 (GCVE-0-2010-3971)

Vulnerability from cvelistv5

Published

2010-12-22 20:00

Modified

2024-08-07 03:26

Severity ?

CWE

Summary

Use-after-free vulnerability in the CSharedStyleSheet::Notify function in the Cascading Style Sheets (CSS) parser in mshtml.dll, as used in Microsoft Internet Explorer 6 through 8 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a self-referential @import rule in a stylesheet, aka "CSS Memory Corruption Vulnerability."

References

URL

Tags

secure@microsoft.com	http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx
secure@microsoft.com	http://seclists.org/fulldisclosure/2010/Dec/110	Exploit
secure@microsoft.com	http://secunia.com/advisories/42510	Vendor Advisory
secure@microsoft.com	http://support.avaya.com/css/P8/documents/100127294
secure@microsoft.com	http://www.breakingpointsystems.com/community/blog/ie-vulnerability/	Exploit
secure@microsoft.com	http://www.exploit-db.com/exploits/15708	Exploit
secure@microsoft.com	http://www.exploit-db.com/exploits/15746	Exploit
secure@microsoft.com	http://www.kb.cert.org/vuls/id/634956	US Government Resource
secure@microsoft.com	http://www.microsoft.com/technet/security/advisory/2488013.mspx
secure@microsoft.com	http://www.securityfocus.com/bid/45246
secure@microsoft.com	http://www.securitytracker.com/id?1024922
secure@microsoft.com	http://www.vupen.com/english/advisories/2010/3156	Vendor Advisory
secure@microsoft.com	http://www.vupen.com/english/advisories/2011/0318
secure@microsoft.com	http://www.wooyun.org/bugs/wooyun-2010-0885	Exploit
secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-003
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12382
af854a3a-2127-422b-91ae-364da2661108	http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2010/Dec/110	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/42510	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://support.avaya.com/css/P8/documents/100127294
af854a3a-2127-422b-91ae-364da2661108	http://www.breakingpointsystems.com/community/blog/ie-vulnerability/	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.exploit-db.com/exploits/15708	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.exploit-db.com/exploits/15746	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/634956	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.microsoft.com/technet/security/advisory/2488013.mspx
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/45246
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1024922
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/3156	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2011/0318
af854a3a-2127-422b-91ae-364da2661108	http://www.wooyun.org/bugs/wooyun-2010-0885	Exploit
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-003
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12382

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T03:26:12.333Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "VU#634956",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/634956"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.microsoft.com/technet/security/advisory/2488013.mspx"
          },
          {
            "name": "15746",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/15746"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.breakingpointsystems.com/community/blog/ie-vulnerability/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/css/P8/documents/100127294"
          },
          {
            "name": "ADV-2011-0318",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0318"
          },
          {
            "name": "15708",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/15708"
          },
          {
            "name": "ADV-2010-3156",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/3156"
          },
          {
            "name": "MS11-003",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-003"
          },
          {
            "name": "1024922",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1024922"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.wooyun.org/bugs/wooyun-2010-0885"
          },
          {
            "name": "20101208 IE CSS parser dos bug",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2010/Dec/110"
          },
          {
            "name": "45246",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/45246"
          },
          {
            "name": "oval:org.mitre.oval:def:12382",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12382"
          },
          {
            "name": "42510",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42510"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-12-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Use-after-free vulnerability in the CSharedStyleSheet::Notify function in the Cascading Style Sheets (CSS) parser in mshtml.dll, as used in Microsoft Internet Explorer 6 through 8 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a self-referential @import rule in a stylesheet, aka \"CSS Memory Corruption Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "VU#634956",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/634956"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.microsoft.com/technet/security/advisory/2488013.mspx"
        },
        {
          "name": "15746",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/15746"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.breakingpointsystems.com/community/blog/ie-vulnerability/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/css/P8/documents/100127294"
        },
        {
          "name": "ADV-2011-0318",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0318"
        },
        {
          "name": "15708",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/15708"
        },
        {
          "name": "ADV-2010-3156",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/3156"
        },
        {
          "name": "MS11-003",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-003"
        },
        {
          "name": "1024922",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1024922"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.wooyun.org/bugs/wooyun-2010-0885"
        },
        {
          "name": "20101208 IE CSS parser dos bug",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2010/Dec/110"
        },
        {
          "name": "45246",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/45246"
        },
        {
          "name": "oval:org.mitre.oval:def:12382",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12382"
        },
        {
          "name": "42510",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42510"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2010-3971",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Use-after-free vulnerability in the CSharedStyleSheet::Notify function in the Cascading Style Sheets (CSS) parser in mshtml.dll, as used in Microsoft Internet Explorer 6 through 8 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a self-referential @import rule in a stylesheet, aka \"CSS Memory Corruption Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "VU#634956",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/634956"
            },
            {
              "name": "http://www.microsoft.com/technet/security/advisory/2488013.mspx",
              "refsource": "MISC",
              "url": "http://www.microsoft.com/technet/security/advisory/2488013.mspx"
            },
            {
              "name": "15746",
              "refsource": "EXPLOIT-DB",
              "url": "http://www.exploit-db.com/exploits/15746"
            },
            {
              "name": "http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx",
              "refsource": "MISC",
              "url": "http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx"
            },
            {
              "name": "http://www.breakingpointsystems.com/community/blog/ie-vulnerability/",
              "refsource": "MISC",
              "url": "http://www.breakingpointsystems.com/community/blog/ie-vulnerability/"
            },
            {
              "name": "http://support.avaya.com/css/P8/documents/100127294",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/css/P8/documents/100127294"
            },
            {
              "name": "ADV-2011-0318",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0318"
            },
            {
              "name": "15708",
              "refsource": "EXPLOIT-DB",
              "url": "http://www.exploit-db.com/exploits/15708"
            },
            {
              "name": "ADV-2010-3156",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/3156"
            },
            {
              "name": "MS11-003",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-003"
            },
            {
              "name": "1024922",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1024922"
            },
            {
              "name": "http://www.wooyun.org/bugs/wooyun-2010-0885",
              "refsource": "MISC",
              "url": "http://www.wooyun.org/bugs/wooyun-2010-0885"
            },
            {
              "name": "20101208 IE CSS parser dos bug",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2010/Dec/110"
            },
            {
              "name": "45246",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/45246"
            },
            {
              "name": "oval:org.mitre.oval:def:12382",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12382"
            },
            {
              "name": "42510",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/42510"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2010-3971",
    "datePublished": "2010-12-22T20:00:00",
    "dateReserved": "2010-10-14T00:00:00",
    "dateUpdated": "2024-08-07T03:26:12.333Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2010-3971\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2010-12-22T21:00:17.723\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Use-after-free vulnerability in the CSharedStyleSheet::Notify function in the Cascading Style Sheets (CSS) parser in mshtml.dll, as used in Microsoft Internet Explorer 6 through 8 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a self-referential @import rule in a stylesheet, aka \\\"CSS Memory Corruption Vulnerability.\\\"\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de uso despu\u00e9s de liberaci\u00f3n en la funci\u00f3n CSharedStyleSheet::Notify en el parseado Cascading Style Sheets (CSS) en mshtml.dll, como el usado en Microsoft Internet Explorer v7 y v8 y probablemente otros productos, permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda) y ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de multiples llamdas @import en un documento manipulado.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-399\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A33FA7F-BB2A-4C66-B608-72997A2BD1DB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A52E757F-9B41-43B4-9D67-3FEDACA71283\"}]}]}],\"references\":[{\"url\":\"http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://seclists.org/fulldisclosure/2010/Dec/110\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Exploit\"]},{\"url\":\"http://secunia.com/advisories/42510\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://support.avaya.com/css/P8/documents/100127294\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.breakingpointsystems.com/community/blog/ie-vulnerability/\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.exploit-db.com/exploits/15708\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.exploit-db.com/exploits/15746\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/634956\",\"source\":\"secure@microsoft.com\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.microsoft.com/technet/security/advisory/2488013.mspx\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securityfocus.com/bid/45246\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securitytracker.com/id?1024922\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/3156\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2011/0318\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.wooyun.org/bugs/wooyun-2010-0885\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Exploit\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-003\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12382\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://seclists.org/fulldisclosure/2010/Dec/110\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://secunia.com/advisories/42510\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://support.avaya.com/css/P8/documents/100127294\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.breakingpointsystems.com/community/blog/ie-vulnerability/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.exploit-db.com/exploits/15708\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.exploit-db.com/exploits/15746\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/634956\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.microsoft.com/technet/security/advisory/2488013.mspx\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/45246\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1024922\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/3156\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2011/0318\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.wooyun.org/bugs/wooyun-2010-0885\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-003\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12382\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

fkie_cve-2010-3971

Vulnerability from fkie_nvd

Published

2010-12-22 21:00

Modified

2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
secure@microsoft.com	http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx
secure@microsoft.com	http://seclists.org/fulldisclosure/2010/Dec/110	Exploit
secure@microsoft.com	http://secunia.com/advisories/42510	Vendor Advisory
secure@microsoft.com	http://support.avaya.com/css/P8/documents/100127294
secure@microsoft.com	http://www.breakingpointsystems.com/community/blog/ie-vulnerability/	Exploit
secure@microsoft.com	http://www.exploit-db.com/exploits/15708	Exploit
secure@microsoft.com	http://www.exploit-db.com/exploits/15746	Exploit
secure@microsoft.com	http://www.kb.cert.org/vuls/id/634956	US Government Resource
secure@microsoft.com	http://www.microsoft.com/technet/security/advisory/2488013.mspx
secure@microsoft.com	http://www.securityfocus.com/bid/45246
secure@microsoft.com	http://www.securitytracker.com/id?1024922
secure@microsoft.com	http://www.vupen.com/english/advisories/2010/3156	Vendor Advisory
secure@microsoft.com	http://www.vupen.com/english/advisories/2011/0318
secure@microsoft.com	http://www.wooyun.org/bugs/wooyun-2010-0885	Exploit
secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-003
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12382
af854a3a-2127-422b-91ae-364da2661108	http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2010/Dec/110	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/42510	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://support.avaya.com/css/P8/documents/100127294
af854a3a-2127-422b-91ae-364da2661108	http://www.breakingpointsystems.com/community/blog/ie-vulnerability/	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.exploit-db.com/exploits/15708	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.exploit-db.com/exploits/15746	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/634956	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.microsoft.com/technet/security/advisory/2488013.mspx
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/45246
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1024922
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/3156	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2011/0318
af854a3a-2127-422b-91ae-364da2661108	http://www.wooyun.org/bugs/wooyun-2010-0885	Exploit
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-003
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12382

Impacted products

	Vendor	Product	Version
	microsoft	internet_explorer	7
	microsoft	internet_explorer	8

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A33FA7F-BB2A-4C66-B608-72997A2BD1DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:*",
              "matchCriteriaId": "A52E757F-9B41-43B4-9D67-3FEDACA71283",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Use-after-free vulnerability in the CSharedStyleSheet::Notify function in the Cascading Style Sheets (CSS) parser in mshtml.dll, as used in Microsoft Internet Explorer 6 through 8 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a self-referential @import rule in a stylesheet, aka \"CSS Memory Corruption Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de uso despu\u00e9s de liberaci\u00f3n en la funci\u00f3n CSharedStyleSheet::Notify en el parseado Cascading Style Sheets (CSS) en mshtml.dll, como el usado en Microsoft Internet Explorer v7 y v8 y probablemente otros productos, permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda) y ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de multiples llamdas @import en un documento manipulado."
    }
  ],
  "id": "CVE-2010-3971",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2010-12-22T21:00:17.723",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://seclists.org/fulldisclosure/2010/Dec/110"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/42510"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://support.avaya.com/css/P8/documents/100127294"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.breakingpointsystems.com/community/blog/ie-vulnerability/"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/15708"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/15746"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/634956"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.microsoft.com/technet/security/advisory/2488013.mspx"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/bid/45246"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securitytracker.com/id?1024922"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/3156"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.vupen.com/english/advisories/2011/0318"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.wooyun.org/bugs/wooyun-2010-0885"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-003"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12382"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://seclists.org/fulldisclosure/2010/Dec/110"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/42510"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.avaya.com/css/P8/documents/100127294"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.breakingpointsystems.com/community/blog/ie-vulnerability/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/15708"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/15746"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/634956"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.microsoft.com/technet/security/advisory/2488013.mspx"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/45246"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1024922"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/3156"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2011/0318"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.wooyun.org/bugs/wooyun-2010-0885"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-003"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12382"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

gsd-2010-3971

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2010-3971

Aliases

CVE-2010-3971

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2010-3971",
    "description": "Use-after-free vulnerability in the CSharedStyleSheet::Notify function in the Cascading Style Sheets (CSS) parser in mshtml.dll, as used in Microsoft Internet Explorer 6 through 8 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a self-referential @import rule in a stylesheet, aka \"CSS Memory Corruption Vulnerability.\"",
    "id": "GSD-2010-3971",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2010-3971"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2010-3971"
      ],
      "details": "Use-after-free vulnerability in the CSharedStyleSheet::Notify function in the Cascading Style Sheets (CSS) parser in mshtml.dll, as used in Microsoft Internet Explorer 6 through 8 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a self-referential @import rule in a stylesheet, aka \"CSS Memory Corruption Vulnerability.\"",
      "id": "GSD-2010-3971",
      "modified": "2023-12-13T01:21:34.961679Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2010-3971",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Use-after-free vulnerability in the CSharedStyleSheet::Notify function in the Cascading Style Sheets (CSS) parser in mshtml.dll, as used in Microsoft Internet Explorer 6 through 8 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a self-referential @import rule in a stylesheet, aka \"CSS Memory Corruption Vulnerability.\""
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "VU#634956",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/634956"
          },
          {
            "name": "http://www.microsoft.com/technet/security/advisory/2488013.mspx",
            "refsource": "MISC",
            "url": "http://www.microsoft.com/technet/security/advisory/2488013.mspx"
          },
          {
            "name": "15746",
            "refsource": "EXPLOIT-DB",
            "url": "http://www.exploit-db.com/exploits/15746"
          },
          {
            "name": "http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx",
            "refsource": "MISC",
            "url": "http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx"
          },
          {
            "name": "http://www.breakingpointsystems.com/community/blog/ie-vulnerability/",
            "refsource": "MISC",
            "url": "http://www.breakingpointsystems.com/community/blog/ie-vulnerability/"
          },
          {
            "name": "http://support.avaya.com/css/P8/documents/100127294",
            "refsource": "CONFIRM",
            "url": "http://support.avaya.com/css/P8/documents/100127294"
          },
          {
            "name": "ADV-2011-0318",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2011/0318"
          },
          {
            "name": "15708",
            "refsource": "EXPLOIT-DB",
            "url": "http://www.exploit-db.com/exploits/15708"
          },
          {
            "name": "ADV-2010-3156",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2010/3156"
          },
          {
            "name": "MS11-003",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-003"
          },
          {
            "name": "1024922",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1024922"
          },
          {
            "name": "http://www.wooyun.org/bugs/wooyun-2010-0885",
            "refsource": "MISC",
            "url": "http://www.wooyun.org/bugs/wooyun-2010-0885"
          },
          {
            "name": "20101208 IE CSS parser dos bug",
            "refsource": "FULLDISC",
            "url": "http://seclists.org/fulldisclosure/2010/Dec/110"
          },
          {
            "name": "45246",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/45246"
          },
          {
            "name": "oval:org.mitre.oval:def:12382",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12382"
          },
          {
            "name": "42510",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/42510"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2010-3971"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Use-after-free vulnerability in the CSharedStyleSheet::Notify function in the Cascading Style Sheets (CSS) parser in mshtml.dll, as used in Microsoft Internet Explorer 6 through 8 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a self-referential @import rule in a stylesheet, aka \"CSS Memory Corruption Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-399"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2010-3156",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2010/3156"
            },
            {
              "name": "42510",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/42510"
            },
            {
              "name": "15708",
              "refsource": "EXPLOIT-DB",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.exploit-db.com/exploits/15708"
            },
            {
              "name": "20101208 IE CSS parser dos bug",
              "refsource": "FULLDISC",
              "tags": [
                "Exploit"
              ],
              "url": "http://seclists.org/fulldisclosure/2010/Dec/110"
            },
            {
              "name": "45246",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/45246"
            },
            {
              "name": "15746",
              "refsource": "EXPLOIT-DB",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.exploit-db.com/exploits/15746"
            },
            {
              "name": "http://www.breakingpointsystems.com/community/blog/ie-vulnerability/",
              "refsource": "MISC",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.breakingpointsystems.com/community/blog/ie-vulnerability/"
            },
            {
              "name": "http://www.wooyun.org/bugs/wooyun-2010-0885",
              "refsource": "MISC",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.wooyun.org/bugs/wooyun-2010-0885"
            },
            {
              "name": "VU#634956",
              "refsource": "CERT-VN",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/634956"
            },
            {
              "name": "1024922",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1024922"
            },
            {
              "name": "http://www.microsoft.com/technet/security/advisory/2488013.mspx",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.microsoft.com/technet/security/advisory/2488013.mspx"
            },
            {
              "name": "http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx",
              "refsource": "MISC",
              "tags": [],
              "url": "http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx"
            },
            {
              "name": "ADV-2011-0318",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2011/0318"
            },
            {
              "name": "http://support.avaya.com/css/P8/documents/100127294",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://support.avaya.com/css/P8/documents/100127294"
            },
            {
              "name": "oval:org.mitre.oval:def:12382",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12382"
            },
            {
              "name": "MS11-003",
              "refsource": "MS",
              "tags": [],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-003"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2021-07-23T15:12Z",
      "publishedDate": "2010-12-22T21:00Z"
    }
  }
}

CERTA-2010-ALE-021

Vulnerability from certfr_alerte

L'éditeur a publié un correctif le 08 février 2011.

Une vulnérabilité dans Microsoft Internet Explorer permet à un utilisateur malveillant d'exécuter du code arbitraire à distance par l'intermédiaire d'une page web spécialement conçue.

Description

Une vulnérabilité affecte Microsoft Internet Explorer et permet à un utilisateur malveillant d'exécuter du code arbitraire à distance en utilisant des feuilles de style (CSS) spécialement conçues.

Une preuve de faisabilité est déjà disponible sur l'Internet.

Contournement provisoire

Dans l'attente d'un correctif de l'éditeur, le CERTA recommande plusieurs actions :

pour limiter la possibilité d'exploitation de la vulnérabilité :
- la désactivation de l'interprétation des scripts Javascript ;
- le déploiement d'EMET (Enhanced Mitigation Experience Toolkit) ;
- l'utilisation d'un navigateur alternatif ;
pour limiter l'impact de l'exploitation de la vulnérabilité, l'utilisation d'un compte utilisateur avec des droits restreints.

Microsoft a publié le correctif MicrosoftFixIt50591.msi afin d'aller éditer temporairement la bibliothèque partagée MSHTML.DLL, responsable de cette vulnérabilité. Pour pouvoir appliquer ce correctif il est nécessaire d'appliquer les dernières mises à jour de sécurité, notamment le correctif MS10-090 du 14 décembre 2010.

Il est également nécessaire de bien mesurer les effets de bord possibles de ce correctif avant tout déploiement en production.

Solution

L'éditeur a publié le correctif MS11-003 pour corriger cette vulnérabilité.

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	Microsoft Internet Explorer 8.
Microsoft	N/A	Microsoft Internet Explorer 7 ;
Microsoft	N/A	Microsoft Internet Explorer 6 ;

References

Title

Publication Time

Tags

Bulletin de Sécurité Microsoft 2488013 du 22 décembre 2010	None	vendor-advisory
Document du CERTA CERTA-2011-AVI-058 du 09 février 2011 :	-	other
Bloc-Notes Microsoft SRD, "New workaround included in security Advisory 2488013", 11 janvier 2011 :	-	other
Bulletin de sécurité Microsoft MS11-003 du 08 février 2011 :	-	other
Bloc-Notes Microsoft SRD, "New Internet Explorer vulnerability affecting all versions of IE", 22 décembre 2010 :	-	other
Bulletin de sécurité Microsoft 2488013 du 22 décembre 2010 :	-	other
Bulletin de sécurité Microsoft MS11-003 du 08 février 2011 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Internet Explorer 8.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Internet Explorer 7 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Internet Explorer 6 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "closed_at": "2011-02-09",
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 affecte Microsoft Internet Explorer et permet \u00e0 un\nutilisateur malveillant d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance en\nutilisant des feuilles de style (CSS) sp\u00e9cialement con\u00e7ues.\n\nUne preuve de faisabilit\u00e9 est d\u00e9j\u00e0 disponible sur l\u0027Internet.\n\n## Contournement provisoire\n\nDans l\u0027attente d\u0027un correctif de l\u0027\u00e9diteur, le CERTA recommande\nplusieurs actions :\n\n-   pour limiter la possibilit\u00e9 d\u0027exploitation de la vuln\u00e9rabilit\u00e9\u00a0:\n    -   la d\u00e9sactivation de l\u0027interpr\u00e9tation des scripts Javascript\u00a0;\n    -   le d\u00e9ploiement d\u0027EMET (Enhanced Mitigation Experience Toolkit)\u00a0;\n    -   l\u0027utilisation d\u0027un navigateur alternatif ;\n-   pour limiter l\u0027impact de l\u0027exploitation de la vuln\u00e9rabilit\u00e9,\n    l\u0027utilisation d\u0027un compte utilisateur avec des droits restreints.\n\nMicrosoft a publi\u00e9 le correctif MicrosoftFixIt50591.msi afin d\u0027aller\n\u00e9diter temporairement la biblioth\u00e8que partag\u00e9e MSHTML.DLL, responsable\nde cette vuln\u00e9rabilit\u00e9. Pour pouvoir appliquer ce correctif il est\nn\u00e9cessaire d\u0027appliquer les derni\u00e8res mises \u00e0 jour de s\u00e9curit\u00e9, notamment\nle correctif MS10-090 du 14 d\u00e9cembre 2010.\n\nIl est \u00e9galement n\u00e9cessaire de bien mesurer les effets de bord possibles\nde ce correctif avant tout d\u00e9ploiement en production.\n\n## Solution\n\nL\u0027\u00e9diteur a publi\u00e9 le correctif MS11-003 pour corriger cette\nvuln\u00e9rabilit\u00e9.\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-3971",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3971"
    }
  ],
  "initial_release_date": "2010-12-22T00:00:00",
  "last_revision_date": "2011-02-09T00:00:00",
  "links": [
    {
      "title": "Document du CERTA CERTA-2011-AVI-058 du 09 f\u00e9vrier 2011 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2011-AVI-058/"
    },
    {
      "title": "Bloc-Notes Microsoft SRD, \"New workaround included in    security Advisory 2488013\", 11 janvier 2011 :",
      "url": "http://blogs.technet.com/b/srd/archive/2011/01/11/new-workaround-included-in-security-advisory-2488013.aspx"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS11-003 du 08 f\u00e9vrier 2011    :",
      "url": "http://www.microsoft.com/france/technet/security/Bulletin/MS11-003.mspx"
    },
    {
      "title": "Bloc-Notes Microsoft SRD, \"New Internet Explorer    vulnerability affecting all versions of IE\", 22 d\u00e9cembre 2010 :",
      "url": "http://blogs.technet.com/b/srd/archive/2010/12/22/new-internet-explorer-vulnerability-affecting-all-versions-of-ie.aspx"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft 2488013 du 22 d\u00e9cembre 2010    :",
      "url": "http://www.microsoft.com/technet/security/advisory/2488013.mspx"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS11-003 du 08 f\u00e9vrier 2011    :",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS11-003.mspx"
    }
  ],
  "reference": "CERTA-2010-ALE-021",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-12-22T00:00:00.000000"
    },
    {
      "description": "ajout de la r\u00e9f\u00e9rence au bulletin Microsoft et de la r\u00e9f\u00e9rence CVE.",
      "revision_date": "2010-12-23T00:00:00.000000"
    },
    {
      "description": "ajout du correctif temporaire dans les contournements provisoires.",
      "revision_date": "2011-01-12T00:00:00.000000"
    },
    {
      "description": "ajout du correctif MS11-003.",
      "revision_date": "2011-02-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "L\u0027\u00e9diteur a publi\u00e9 un correctif le 08 f\u00e9vrier 2011.\n\nUne vuln\u00e9rabilit\u00e9 dans Microsoft Internet Explorer permet \u00e0 un\nutilisateur malveillant d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance par\nl\u0027interm\u00e9diaire d\u0027une page web sp\u00e9cialement con\u00e7ue.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Microsoft Internet Explorer",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de S\u00e9curit\u00e9 Microsoft 2488013 du 22 d\u00e9cembre 2010",
      "url": null
    }
  ]
}

ghsa-r6fx-qpgx-pg2w

Vulnerability from github

Published

2022-05-13 01:07

Modified

2025-04-11 03:42

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2010-3971"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2010-12-22T21:00:00Z",
    "severity": "HIGH"
  },
  "details": "Use-after-free vulnerability in the CSharedStyleSheet::Notify function in the Cascading Style Sheets (CSS) parser in mshtml.dll, as used in Microsoft Internet Explorer 6 through 8 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a self-referential @import rule in a stylesheet, aka \"CSS Memory Corruption Vulnerability.\"",
  "id": "GHSA-r6fx-qpgx-pg2w",
  "modified": "2025-04-11T03:42:26Z",
  "published": "2022-05-13T01:07:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3971"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-003"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12382"
    },
    {
      "type": "WEB",
      "url": "http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2010/Dec/110"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/42510"
    },
    {
      "type": "WEB",
      "url": "http://support.avaya.com/css/P8/documents/100127294"
    },
    {
      "type": "WEB",
      "url": "http://www.breakingpointsystems.com/community/blog/ie-vulnerability"
    },
    {
      "type": "WEB",
      "url": "http://www.exploit-db.com/exploits/15708"
    },
    {
      "type": "WEB",
      "url": "http://www.exploit-db.com/exploits/15746"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/634956"
    },
    {
      "type": "WEB",
      "url": "http://www.microsoft.com/technet/security/advisory/2488013.mspx"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/45246"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1024922"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2010/3156"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2011/0318"
    },
    {
      "type": "WEB",
      "url": "http://www.wooyun.org/bugs/wooyun-2010-0885"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTA-2011-AVI-058

Vulnerability from certfr_avis

Plusieurs vulnérabilités d'Internet Explorer permettent à un utilisateur malveillant d'exécuter du code arbitraire à distance.

Description

Quatre vulnérabilités d'Internet Explorer viennent d'être corrigées :

la première concerne le traitement récursif des feuilles de style (CSS). Elle est décrite dans l'alerte CERTA-2010-ALE-021 (voir section Documentation) ;
deux autres sont relatives à l'utilisation d'objets non initialisés ou effacés ;
la dernière provient de la recherche et du chargement des bibliothèques dynamiques (DLL). Cette vulnérabilité est décrite dans le bulletin d'actualité CERTA-2010-ACT-034 (voir section Documentation).

Chacune de ces vulnérabilités permet à un utilisateur malveillant d'exécuter du code arbitraire à distance avec les droits de l'utilisateur d'Internet Explorer.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Internet Explorer, version 6,7 et 8.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS11-003 du 08 février 2011	None	vendor-advisory
Document du CERTA CERTA-2010-ACT-034 du 26 août 2010 :	-	other
Document du CERTA CERTA-2010-ALE-021 du 12 janvier 2011 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eInternet Explorer, version 6,7 et 8.\u003c/p\u003e",
  "content": "## Description\n\nQuatre vuln\u00e9rabilit\u00e9s d\u0027Internet Explorer viennent d\u0027\u00eatre corrig\u00e9es\u00a0:\n\n-   la premi\u00e8re concerne le traitement r\u00e9cursif des feuilles de style\n    (CSS). Elle est d\u00e9crite dans l\u0027alerte CERTA-2010-ALE-021 (voir\n    section Documentation)\u00a0;\n-   deux autres sont relatives \u00e0 l\u0027utilisation d\u0027objets non initialis\u00e9s\n    ou effac\u00e9s\u00a0;\n-   la derni\u00e8re provient de la recherche et du chargement des\n    biblioth\u00e8ques dynamiques (DLL). Cette vuln\u00e9rabilit\u00e9 est d\u00e9crite dans\n    le bulletin d\u0027actualit\u00e9 CERTA-2010-ACT-034 (voir section\n    Documentation).\n\nChacune de ces vuln\u00e9rabilit\u00e9s permet \u00e0 un utilisateur malveillant\nd\u0027ex\u00e9cuter du code arbitraire \u00e0 distance avec les droits de\nl\u0027utilisateur d\u0027Internet Explorer.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-0038",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0038"
    },
    {
      "name": "CVE-2010-3971",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3971"
    },
    {
      "name": "CVE-2011-0035",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0035"
    },
    {
      "name": "CVE-2011-0036",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0036"
    }
  ],
  "initial_release_date": "2011-02-09T00:00:00",
  "last_revision_date": "2011-02-09T00:00:00",
  "links": [
    {
      "title": "Document du CERTA CERTA-2010-ACT-034 du 26 ao\u00fbt 2010 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2010-ACT-034/index.html"
    },
    {
      "title": "Document du CERTA CERTA-2010-ALE-021 du 12 janvier 2011 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2010-ALE-021/index.html"
    }
  ],
  "reference": "CERTA-2011-AVI-058",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-02-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s d\u0027Internet Explorer permettent \u00e0 un utilisateur\nmalveillant d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans Internet Explorer",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS11-003 du 08 f\u00e9vrier 2011",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS11-003.mspx"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2010-3971 (GCVE-0-2010-3971)

Vulnerability from cvelistv5

fkie_cve-2010-3971

Vulnerability from fkie_nvd

gsd-2010-3971

Vulnerability from gsd

CERTA-2010-ALE-021

Vulnerability from certfr_alerte

Description

Contournement provisoire

Solution

ghsa-r6fx-qpgx-pg2w

Vulnerability from github

CERTA-2011-AVI-058

Vulnerability from certfr_avis

Description

Solution

Tags

Sightings

Nomenclature