9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.97 High
EPSS
Percentile
99.7%
Added: 12/22/2010
CVE: CVE-2010-3971
BID: 45246
OSVDB: 69796
Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems. Cascading Style Sheets (CSS) is a simple mechanism for adding style to web documents.
Microsoft Internet Explorer is vulnerable to a use-after-free memory corruption vulnerability due to the way **mshtml.dll**
handles CSS files with multiple import statements.
Apply the patch referenced in Microsoft Security Advisory 2488013 when it becomes available.
<http://secunia.com/advisories/42510>
Exploit works on Microsoft Internet Explorer 8 on Windows XP SP3.
The user must open a specially crafted CSS file in Internet Explorer 8.
Windows XP