CVE-2010-3962 Information

Description

Use-after-free vulnerability in Microsoft Internet Explorer 6 7 and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute aka an \invalid flag reference\ issue or \Uninitialized Memory Corruption Vulnerability\ as exploited in the wild in November 2010.

Reference

http://blogs.technet.com/b/msrc/archive/2010/11/02/microsoft-releases-security-advisory-2458511.aspx http://secunia.com/advisories/42091 http://www.exploit-db.com/exploits/15418 http://www.exploit-db.com/exploits/15421 http://www.kb.cert.org/vuls/id/899748 http://www.microsoft.com/technet/security/advisory/2458511.mspx http://www.securityfocus.com/bid/44536 http://www.securitytracker.com/id?1024676 http://www.symantec.com/connect/blogs/new-ie-0-day-used-targeted-attacks http://www.us-cert.gov/cas/techalerts/TA10-348A.html http://www.vupen.com/english/advisories/2010/2880 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-090 https://exchange.xforce.ibmcloud.com/vulnerabilities/62962 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A12279