Executive Summary
Summary | |
---|---|
Title | Microsoft Internet Explorer invalid flag reference vulnerability |
Informations | |||
---|---|---|---|
Name | VU#899748 | First vendor Publication | 2010-11-03 |
Vendor | VU-CERT | Last vendor Modification | 2011-01-18 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Vulnerability Note VU#899748Microsoft Internet Explorer invalid flag reference vulnerabilityOverviewMicrosoft Internet Explorer invalid flag reference vulnerabilityI. DescriptionAccording to the Microsoft Security Research & Defense Blog, Microsoft Internet Explorer incorrectly under-allocates memory to store a certain combination of Cascading Style Sheets (CSS) tags when parsing HTML, resulting in an overwrite of the least significant byte of a vtable pointer. The Microsoft Security Advisory (2458511) refers to the vulnerability as an invalid flag reference vulnerability, where the reference to an object can be accessed after it is deleted.Exploit code for this vulnerability is publicly available. Workarounds
Referenceshttp://www.microsoft.com/technet/security/advisory/2458511.mspx Thanks to Microsoft Security Response Center for reporting this vulnerability, who in turn credit Symantec. This document was written by Michael Orlando.
|
Original Source
Url : http://www.kb.cert.org/vuls/id/899748 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-416 | Use After Free |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:11574 | |||
Oval ID: | oval:org.mitre.oval:def:11574 | ||
Title: | DEPRECATED: Microsoft Internet Explorer CSS Tags Remote Code Execution Vulnerability | ||
Description: | Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an "invalid flag reference" issue or "Uninitialized Memory Corruption Vulnerability," as exploited in the wild in November 2010. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3962 | Version: | 6 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 | Product(s): | Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12279 | |||
Oval ID: | oval:org.mitre.oval:def:12279 | ||
Title: | Uninitialized Memory Corruption Vulnerability | ||
Description: | Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an "invalid flag reference" issue or "Uninitialized Memory Corruption Vulnerability," as exploited in the wild in November 2010. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3962 | Version: | 12 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 | Product(s): | Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 3 |
SAINT Exploits
Description | Link |
---|---|
Internet Explorer CSS clip attribute memory corruption | More info here |
ExploitDB Exploits
id | Description |
---|---|
2010-11-04 | Internet Explorer 6, 7, 8 Memory Corruption 0day Exploit |
OpenVAS Exploits
Date | Description |
---|---|
2010-12-15 | Name : Microsoft Internet Explorer Multiple Vulnerabilities (2416400) File : nvt/secpod_ms10-090.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
68987 | Microsoft IE mshtml CSS Tag Use-after-free Memory Corruption Microsoft IE contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to an invalid flag reference within Internet Explorer. It can allow remote code execution |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Microsoft Internet Explorer CSS style memory corruption attempt RuleID : 25329 - Revision : 8 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer CSS style memory corruption attempt RuleID : 19873 - Revision : 14 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer CSS style memory corruption attempt RuleID : 19084 - Revision : 10 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer malformed table remote code execution attempt RuleID : 18221 - Revision : 15 - Type : BROWSER-IE |
2014-01-10 | DNS request for known malware domain www.dd0415.net RuleID : 18185 - Revision : 11 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain dnf.gametime.co.kr RuleID : 18184 - Revision : 11 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain mailzou.com RuleID : 18183 - Revision : 4 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain dfgdd.9y6c.co.cc RuleID : 18166 - Revision : 4 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain e.mssm.com RuleID : 18165 - Revision : 10 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain www.yx240.com RuleID : 18164 - Revision : 11 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain www.yisaa.com RuleID : 18163 - Revision : 12 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain www.weilingcy.com RuleID : 18162 - Revision : 11 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain www.street08.com RuleID : 18161 - Revision : 11 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain www.stony-skunk.com RuleID : 18160 - Revision : 11 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain www.soanala.com RuleID : 18159 - Revision : 12 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain www.shzhaotian.cn RuleID : 18158 - Revision : 12 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain www.quyou365.com RuleID : 18157 - Revision : 12 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain www.pxflm.com RuleID : 18156 - Revision : 12 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain www.pplog.cn RuleID : 18155 - Revision : 12 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain www.nc57.com RuleID : 18154 - Revision : 12 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain www.maoyiren.com RuleID : 18153 - Revision : 5 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain www.mainhu.com RuleID : 18152 - Revision : 12 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain www.kingsoftduba2009.com RuleID : 18151 - Revision : 11 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain www.jxbaike.com RuleID : 18150 - Revision : 12 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain www.haosf08.com RuleID : 18149 - Revision : 12 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain www.haoleyou.com RuleID : 18148 - Revision : 12 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain www.gev.cn RuleID : 18147 - Revision : 12 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain www.gdfp365.cn RuleID : 18146 - Revision : 12 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain www.fp360.net RuleID : 18145 - Revision : 12 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain www.fp0769.com RuleID : 18144 - Revision : 12 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain www.fp0755.cn RuleID : 18143 - Revision : 12 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain www.eastadmin.com RuleID : 18142 - Revision : 12 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain www.dspenter.com RuleID : 18141 - Revision : 12 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain www.cqtjg.com RuleID : 18140 - Revision : 12 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain www.china-aoben.com RuleID : 18139 - Revision : 12 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain www.chateaulegend.com RuleID : 18138 - Revision : 12 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain www.9292cs.cn RuleID : 18137 - Revision : 11 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain www.66xihu.com RuleID : 18136 - Revision : 12 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain www.555hd.com RuleID : 18135 - Revision : 12 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain www.551sf.com RuleID : 18134 - Revision : 12 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain www.001zs.com RuleID : 18133 - Revision : 12 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain www.ybtour.co.kr RuleID : 18131 - Revision : 5 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain www.wwmei.com RuleID : 18130 - Revision : 12 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain www.w22rt.com RuleID : 18129 - Revision : 11 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain www.uwonderfull.com RuleID : 18128 - Revision : 11 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain www.univus.co.kr RuleID : 18127 - Revision : 12 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain www.tpydb.com RuleID : 18126 - Revision : 5 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain www.tpydb.com RuleID : 18125 - Revision : 12 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain www.sijianfeng.com RuleID : 18124 - Revision : 12 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain www.phoroshop.es RuleID : 18123 - Revision : 11 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain www.opusgame.com RuleID : 18122 - Revision : 12 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain www.linzhiling123.com RuleID : 18121 - Revision : 11 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain www.iwebdy.net RuleID : 18120 - Revision : 12 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain www.ilbondrama.net RuleID : 18119 - Revision : 12 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain www.hao1345.com RuleID : 18118 - Revision : 11 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain www.cineseoul.com RuleID : 18117 - Revision : 12 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain www.bnbsoft.co.kr RuleID : 18116 - Revision : 12 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain www.ajs2002.com RuleID : 18115 - Revision : 12 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain www.5fqq.com RuleID : 18114 - Revision : 12 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain wusheng03.3322.org RuleID : 18113 - Revision : 5 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain wenyixuan.3322.org. RuleID : 18112 - Revision : 5 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain v.9y9c.co.cc RuleID : 18111 - Revision : 5 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain tiantianzaixian.gotoip1.com RuleID : 18110 - Revision : 5 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain talk.cetizen.com RuleID : 18109 - Revision : 5 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain phoroshop.es RuleID : 18108 - Revision : 11 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain jsshmz.gotoip4.com RuleID : 18107 - Revision : 5 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain e.msssm.com RuleID : 18106 - Revision : 11 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain baidutaobao.gotoip55.com RuleID : 18105 - Revision : 5 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain b.9s3.info RuleID : 18104 - Revision : 11 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain 5yvod.net RuleID : 18103 - Revision : 11 - Type : BLACKLIST |
2014-01-10 | DNS request for known malware domain wenyixuan.3322.org RuleID : 18081 - Revision : 5 - Type : BLACKLIST |
2015-05-28 | Microsoft Internet Explorer CSS style memory corruption attempt RuleID : 18062 - Revision : 7 - Type : WEB-CLIENT |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2010-12-15 | Name : Arbitrary code can be executed on the remote host through a web browser. File : smb_nt_ms10-090.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2015-04-10 13:28:16 |
|
2013-05-11 00:57:27 |
|