Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:F5766CE473D2EDA122241FFADA6048AB
HistoryDec 22, 2010 - 12:00 a.m.

Microsoft Internet Explorer CSS Import Use-After-Free Code Execution

2010-12-2200:00:00
SAINT Corporation
www.saintcorporation.com
16

0.97 High

EPSS

Percentile

99.7%

JSON

Added: 12/22/2010
CVE: CVE-2010-3971
BID: 45246
OSVDB: 69796

Background

Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems. Cascading Style Sheets (CSS) is a simple mechanism for adding style to web documents.

Problem

Microsoft Internet Explorer is vulnerable to a use-after-free memory corruption vulnerability due to the way **mshtml.dll** handles CSS files with multiple import statements.

Resolution

Apply the patch referenced in Microsoft Security Advisory 2488013 when it becomes available.

References

<http://secunia.com/advisories/42510&gt;

Limitations

Exploit works on Microsoft Internet Explorer 8 on Windows XP SP3.

The user must open a specially crafted CSS file in Internet Explorer 8.

Platforms

Windows XP

Related

prion 1
cve 1
checkpoint_advisories 2
saint 3
nessus 2
openvas 4
packetstorm 1
canvas 1
cert 1
securityvulns 1
thn 1
prion
prion
Memory corruption
2010-12-22 21:00:00
cve
cve
CVE-2010-3971
2010-12-22 21:00:00
checkpoint_advisories
checkpoint_advisories
Internet Explorer CSS Recursive Import Memory Corruption (CVE-2010-3971)
2010-12-23 00:00:00
Microsoft Internet Explorer CSS Import Use-After-Free Code Execution (MS11-003; CVE-2004-0842; CVE-2010-3971)
2010-02-18 00:00:00
saint
saint
Microsoft Internet Explorer CSS Import Use-After-Free Code Execution
2010-12-22 00:00:00
Microsoft Internet Explorer CSS Import Use-After-Free Code Execution
2010-12-22 00:00:00
Microsoft Internet Explorer CSS Import Use-After-Free Code Execution
2010-12-22 00:00:00
nessus
nessus
MS KB2488013: Internet Explorer CSS Import Rule Processing Arbitrary Code Execution
2011-01-20 00:00:00
MS11-003: Cumulative Security Update for Internet Explorer (2482017)
2011-02-08 00:00:00
openvas
openvas
Microsoft Internet Explorer 'CSS Import Rule' Use-after-free Vulnerability
2010-12-31 00:00:00
Microsoft Internet Explorer 'CSS Import Rule' Use-after-free Vulnerability
2010-12-31 00:00:00
Microsoft Internet Explorer Multiple Vulnerabilities (2482017)
2011-02-09 00:00:00
packetstorm
packetstorm
Internet Explorer CSS Recursive Import Use After Free
2011-02-10 00:00:00
canvas
canvas
Immunity Canvas: MS11_003
2010-12-22 21:00:00
cert
cert
Microsoft Internet Explorer CSS use-after-free vulnerability
2010-12-13 00:00:00
securityvulns
securityvulns
Microsoft Internet Explorer multiple security vulnerabilities
2011-02-14 00:00:00
thn
thn
Phoenix Exploit's Kit 2.8 mini version
2011-10-12 17:41:00

0.97 High

EPSS

Percentile

99.7%

JSON
Related for SAINT:F5766CE473D2EDA122241FFADA6048AB
prion1cve1checkpoint_advisories2saint3nessus2openvas4packetstorm1canvas1cert1securityvulns1thn1