CVE-2010-3962
Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to...
Basic Information
- CVE State
- PUBLISHED
- Reserved Date
- October 14, 2010
- Published Date
- November 05, 2010
- Last Updated
- October 22, 2025
- Vendor
- Microsoft
- Product
- Internet Explorer
- Description
- Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an "invalid flag reference" issue or "Uninitialized Memory Corruption Vulnerability," as exploited in the wild in November 2010.
- Tags
- Exploitation
- active
- Automatable
- Yes
- Technical Impact
- total
- Exploited in the Wild
- Yes (2010-11-05 16:28:00 UTC) Source
metasploit
cisa
CVSS Scores
CVSS v3.1
8.1 - HIGH
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v2.0
9.3
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
SSVC Information
Exploit Status
References
http://www.securityfocus.com/bid/44536
http://www.us-cert.gov/cas/techalerts/TA10-348A.html
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-090
http://www.kb.cert.org/vuls/id/899748
http://secunia.com/advisories/42091
http://www.vupen.com/english/advisories/2010/2880
http://www.microsoft.com/technet/security/advisory/2458511.mspx
http://www.securitytracker.com/id?1024676
http://www.exploit-db.com/exploits/15421
http://www.symantec.com/connect/blogs/new-ie-0-day-used-targeted-attacks
https://exchange.xforce.ibmcloud.com/vulnerabilities/62962
http://blogs.technet.com/b/msrc/archive/2010/11/02/microsoft-releases-security-advisory-2458511.aspx
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12279
http://www.exploit-db.com/exploits/15418
Known Exploited Vulnerability Information
| Source | Added Date |
|---|---|
| CVE | 2010-11-05 16:28:00 UTC |
Scanner Integrations
| Scanner | URL | Date Detected |
|---|---|---|
| Metasploit | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/ms10_090_ie_css_clip.rb | 2025-04-28 15:02:41 UTC |
Potential Proof of Concepts
Warning: These PoCs have not been tested and could contain malware. Use at your own risk.
ms10_090_ie_css_clip
Type: metasploit • Created: Unknown
Metasploit module for CVE-2010-3962
Timeline
-
CVE ID Reserved
-
CVE Published to Public
-
Added to KEVIntel
-
Detected by Metasploit