VRDA Feed by JPCERT/CC
  Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis



 
Vulnerability Analysis Result (Revision No : 1)
CVE-2010-3962
ie: Use-after-free vulnerability in Microsoft Internet ...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3962

Original

Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences, aka an "invalid flag reference" issue, as exploited in the wild in November 2010.






About This Analysis Information
Analysis Information Provider: NIST NVD
First Published: 2010-11-05
Source Information Category: Advisory, Alert
Last Updated: 2010-11-08




Affected Product Tags
cpe:/a:microsoft:ie:6
cpe:/a:microsoft:ie:7
cpe:/a:microsoft:ie:8
cpe:/o:microsoft:windows_2003_server::sp2
cpe:/o:microsoft:windows_2003_server::sp2:itanium
cpe:/o:microsoft:windows_7
cpe:/o:microsoft:windows_7:-:-:x32
cpe:/o:microsoft:windows_7:-:-:x64
cpe:/o:microsoft:windows_server_2003::sp2:x64
cpe:/o:microsoft:windows_server_2008:-:sp2:itanium
cpe:/o:microsoft:windows_server_2008:::itanium
cpe:/o:microsoft:windows_server_2008:::x32
cpe:/o:microsoft:windows_server_2008:::x64
cpe:/o:microsoft:windows_server_2008::r2:itanium
cpe:/o:microsoft:windows_server_2008::r2:x64
cpe:/o:microsoft:windows_server_2008::sp2:x32
cpe:/o:microsoft:windows_server_2008::sp2:x64
cpe:/o:microsoft:windows_vista:-:sp1
cpe:/o:microsoft:windows_vista:-:sp2
cpe:/o:microsoft:windows_vista::sp1
cpe:/o:microsoft:windows_vista::sp1:x64
cpe:/o:microsoft:windows_vista::sp2
cpe:/o:microsoft:windows_vista::sp2:x64
cpe:/o:microsoft:windows_xp:-:sp2:x64
cpe:/o:microsoft:windows_xp::sp3
 


Vulnerability Analysis Results
[Access Vector]
Undefined
Local
Adjacent Network
X Network

[Access Complexity]
Undefined
High
X Medium
Low

[Authentication]
Undefined
Multiple
Single
X None

[Confidentiality Impact]
Undefined
None
Partial
X Complete

[Integrity Impact]
Undefined
None
Partial
X Complete

[Availability Impact]
Undefined
None
Partial
X Complete

Alternatives




References
CONFIRM http://www.microsoft.com/technet/security/advisory/2458511.mspx
CONFIRM http://blogs.technet.com/b/msrc/archive/2010/11/02/microsoft-releases-security-advisory-2458511.aspx
MISC http://www.symantec.com/connect/blogs/new-ie-0-day-used-targeted-attacks




Vulnerability Type: Resource Management Errors (CWE-399)





Copyright © 2010 JPCERT/CC All Rights Reserved.