Added: 12/22/2010
CVE: CVE-2010-3971
BID: 45246
OSVDB: 69796
Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems. Cascading Style Sheets (CSS) is a simple mechanism for adding style to web documents.
Microsoft Internet Explorer is vulnerable to a use-after-free memory corruption vulnerability due to the way **mshtml.dll**
handles CSS files with multiple import statements.
Apply the patch referenced in Microsoft Security Advisory 2488013 when it becomes available.
<http://secunia.com/advisories/42510>
Exploit works on Microsoft Internet Explorer 8 on Windows XP SP3.
The user must open a specially crafted CSS file in Internet Explorer 8.
Windows XP