Internet Explorer CSS clip attribute memory corruption

2010-11-1600:00:00

SAINT Corporation

my.saintcorporation.com

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.97 High

EPSS

Percentile

99.7%

JSON

Added: 11/16/2010
CVE: CVE-2010-3962
BID: 44536
OSVDB: 68987

Background

Cascading Style Sheets (CSS) is a simple mechanism for adding style to web documents.

Problem

A memory corruption vulnerability allows command execution when a user loads a web page containing a CSS clip attribute with a specific position, causing an invalid flag reference.

Resolution

Apply a patch when available. See Microsoft Security Advisory 2458511 for patch information.

References

<http://secunia.com/advisories/42091>

Limitations

Exploit works on Internet Explorer 6 on Windows XP SP3 with security update KB2360131, and requires a user to open the exploit page in Internet Explorer.