Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:01A02829A859FB4D8BCE52958EE67650
HistoryDec 22, 2010 - 12:00 a.m.

Microsoft Internet Explorer CSS Import Use-After-Free Code Execution

2010-12-2200:00:00
SAINT Corporation
download.saintcorporation.com
38

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.97 High

EPSS

Percentile

99.7%

JSON

Added: 12/22/2010
CVE: CVE-2010-3971
BID: 45246
OSVDB: 69796

Background

Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems. Cascading Style Sheets (CSS) is a simple mechanism for adding style to web documents.

Problem

Microsoft Internet Explorer is vulnerable to a use-after-free memory corruption vulnerability due to the way **mshtml.dll** handles CSS files with multiple import statements.

Resolution

Apply the patch referenced in Microsoft Security Advisory 2488013 when it becomes available.

References

<http://secunia.com/advisories/42510&gt;

Limitations

Exploit works on Microsoft Internet Explorer 8 on Windows XP SP3.

The user must open a specially crafted CSS file in Internet Explorer 8.

Platforms

Windows XP

Related

prion 1
cve 1
saint 3
openvas 4
packetstorm 1
canvas 1
checkpoint_advisories 2
nessus 2
cert 1
securityvulns 1
thn 1
prion
prion
Memory corruption
2010-12-22 21:00:00
cve
cve
CVE-2010-3971
2010-12-22 21:00:00
saint
saint
Microsoft Internet Explorer CSS Import Use-After-Free Code Execution
2010-12-22 00:00:00
Microsoft Internet Explorer CSS Import Use-After-Free Code Execution
2010-12-22 00:00:00
Microsoft Internet Explorer CSS Import Use-After-Free Code Execution
2010-12-22 00:00:00
openvas
openvas
Microsoft Internet Explorer 'CSS Import Rule' Use-after-free Vulnerability
2010-12-31 00:00:00
Microsoft Internet Explorer 'CSS Import Rule' Use-after-free Vulnerability
2010-12-31 00:00:00
Microsoft Internet Explorer Multiple Vulnerabilities (2482017)
2011-02-09 00:00:00
packetstorm
packetstorm
Internet Explorer CSS Recursive Import Use After Free
2011-02-10 00:00:00
canvas
canvas
Immunity Canvas: MS11_003
2010-12-22 21:00:00
checkpoint_advisories
checkpoint_advisories
Internet Explorer CSS Recursive Import Memory Corruption (CVE-2010-3971)
2010-12-23 00:00:00
Microsoft Internet Explorer CSS Import Use-After-Free Code Execution (MS11-003; CVE-2004-0842; CVE-2010-3971)
2010-02-18 00:00:00
nessus
nessus
MS KB2488013: Internet Explorer CSS Import Rule Processing Arbitrary Code Execution
2011-01-20 00:00:00
MS11-003: Cumulative Security Update for Internet Explorer (2482017)
2011-02-08 00:00:00
cert
cert
Microsoft Internet Explorer CSS use-after-free vulnerability
2010-12-13 00:00:00
securityvulns
securityvulns
Microsoft Internet Explorer multiple security vulnerabilities
2011-02-14 00:00:00
thn
thn
Phoenix Exploit's Kit 2.8 mini version
2011-10-12 17:41:00

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.97 High

EPSS

Percentile

99.7%

JSON
Related for SAINT:01A02829A859FB4D8BCE52958EE67650
prion1cve1saint3openvas4packetstorm1canvas1checkpoint_advisories2nessus2cert1securityvulns1thn1