CVE-2010-3971
Microsoft Internet Explorer 8 - CSS Parser Denial of Service
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
9Exploited in Wild
-Decision
Descriptions
Use-after-free vulnerability in the CSharedStyleSheet::Notify function in the Cascading Style Sheets (CSS) parser in mshtml.dll, as used in Microsoft Internet Explorer 6 through 8 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a self-referential @import rule in a stylesheet, aka "CSS Memory Corruption Vulnerability."
Vulnerabilidad de uso después de liberación en la función CSharedStyleSheet::Notify en el parseado Cascading Style Sheets (CSS) en mshtml.dll, como el usado en Microsoft Internet Explorer v7 y v8 y probablemente otros productos, permite a atacantes remotos causar una denegación de servicio (caída) y ejecutar código de su elección a través de multiples llamdas @import en un documento manipulado.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2010-10-14 CVE Reserved
- 2010-12-08 First Exploit
- 2010-12-22 CVE Published
- 2024-08-07 CVE Updated
- 2025-04-10 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-399: Resource Management Errors
CAPEC
References (20)
| URL | Tag | Source |
|---|---|---|
| http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx | X_refsource_misc | |
| http://support.avaya.com/css/P8/documents/100127294 | X_refsource_confirm | |
| http://www.kb.cert.org/vuls/id/634956 | Third Party Advisory |
|
| http://www.microsoft.com/technet/security/advisory/2488013.mspx | X_refsource_misc | |
| http://www.securityfocus.com/bid/45246 | Vdb Entry | |
| http://www.securitytracker.com/id?1024922 | Vdb Entry | |
| http://www.vupen.com/english/advisories/2011/0318 | Vdb Entry | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12382 | Signature |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/15708 | 2010-12-08 | |
| https://www.exploit-db.com/exploits/15746 | 2010-12-15 | |
| https://www.exploit-db.com/exploits/16533 | 2011-02-08 | |
| https://github.com/nektra/CVE-2010-3971-hotpatch | 2013-08-07 | |
| http://seclists.org/fulldisclosure/2010/Dec/110 | 2024-08-07 | |
| http://www.breakingpointsystems.com/community/blog/ie-vulnerability | 2024-08-07 | |
| http://www.exploit-db.com/exploits/15708 | 2024-08-07 | |
| http://www.exploit-db.com/exploits/15746 | 2024-08-07 | |
| http://www.wooyun.org/bugs/wooyun-2010-0885 | 2024-08-07 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/42510 | 2021-07-23 | |
| http://www.vupen.com/english/advisories/2010/3156 | 2021-07-23 | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-003 | 2021-07-23 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Microsoft Search vendor "Microsoft" | Internet Explorer Search vendor "Microsoft" for product "Internet Explorer" | 7 Search vendor "Microsoft" for product "Internet Explorer" and version "7" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Internet Explorer Search vendor "Microsoft" for product "Internet Explorer" | 8 Search vendor "Microsoft" for product "Internet Explorer" and version "8" | - |
Affected
| ||||||