CERT VU:899748
History: Nov 03, 2010 - 12:00 a.m.

Microsoft Internet Explorer invalid flag reference vulnerability

2010-11-03 00:00:00
www.kb.cert.org

EPSS: 0.97 (High)
Percentile: 99.7%

Overview

Microsoft Internet Explorer invalid flag reference vulnerability

Description

According to the Microsoft Security Research & Defense Blog, Microsoft Internet Explorer incorrectly under-allocates memory to store a certain combination of Cascading Style Sheets (CSS) tags when parsing HTML, resulting in an overwrite of the least significant byte of a vtable pointer. The Microsoft Security Advisory (2458511) refers to the vulnerability as an invalid flag reference vulnerability, where the reference to an object can be accessed after it is deleted.

Exploit code for this vulnerability is publicly available.


Impact

By convincing a user to view a specially crafted HTML document (e.g., a web page or an HTML email message or attachment), an attacker may be able to execute arbitrary code with the privileges of the user.


Solution

Apply an update

This issue is addressed in Microsoft Security Bulletin MS10-090.


Workarounds

Microsoft has listed several workarounds in Microsoft Security Advisory (2458511).


Vendor Information


Microsoft Corporation Affected

Updated: January 18, 2011

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

CVSS Metrics

Group          Score  Vector
Base           0      AV:–/AC:–/Au:–/C:–/I:–/A:–
Temporal       0      E:ND/RL:ND/RC:ND
Environmental  0      CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND

References

Acknowledgements

Thanks to the Microsoft Security Response Center, which in turn credits Symantec, for reporting this vulnerability.

This document was written by Michael Orlando.

Other Information

CVE IDs: CVE-2010-3962
Severity Metric: 54.62
Date Public: