Lucene search

[email protected]NVD:CVE-2010-3886

HistoryOct 08, 2010 - 10:00 p.m.

CVE-2010-3886

2010-10-0822:00:36

CWE-200

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

6.1

Confidence

Low

EPSS

0.006

Percentile

78.7%

JSON

The CTimeoutEventList::InsertIntoTimeoutList function in Microsoft mshtml.dll uses a certain pointer value as part of producing Timer ID values for the setTimeout and setInterval methods in VBScript and JScript, which allows remote attackers to obtain sensitive information about the heap memory addresses used by an application, as demonstrated by the Internet Explorer 8 application.

Affected configurations

Nvd

Node

microsoftinternet_explorerMatch8

VendorProductVersionCPE
microsoftinternet_explorer8cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	internet_explorer	8	cpe:2.3:a:microsoft:internet_explorer:8:::::::*

References

archives.neohapsis.com/archives/bugtraq/2010-06/0259.html

twitter.com/WisecWisec/statuses/17254776077

www.eeye.com/Resources/Security-Center/Research/Zero-Day-Tracker/2010/20100630

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11606

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

6.1

Confidence

Low

EPSS

0.006

Percentile

78.7%

JSON

Related for NVD:CVE-2010-3886

prion1 openvas2 cve1 exploitdb1 cvelist1