Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
canvasImmunity CanvasIE_SETUSERCLIP
HistoryNov 05, 2010 - 5:00 p.m.

Immunity Canvas: IE_SETUSERCLIP

2010-11-0517:00:00
Immunity Canvas
exploitlist.immunityinc.com
62

EPSS

0.97

Percentile

99.8%

JSON
Name ie_setuserclip
CVE CVE-2010-3962 Exploit Pack
Notes:
This bug was discovered in the wild.
IE6, 7 and 8 are vulnerable to this bug, but because of its behaviour some versions will not be exploitable.
The only full patched IE that i found vulnerable was IE6, but diserves more research on other ways to trigger it.

The behaviour of this bug is:
object[0] |= 0x1
So this way we OR the vtable and as it is aligned, it has the effect of vtable = vtable+1.
Then when we call any function of the vtable it is defaced by one, so we just call different regions
of memory depending on the version of mshtml.

VersionsAffected: IE 6, 7, 8
VENDOR: Microsoft
CVE Name: CVE-2010-3962

Related

seebug 1
prion 1
cvelist 1
saint 4
packetstorm 3
exploitdb 3
securityvulns 2
metasploit 1
checkpoint_advisories 2
thn 1
cve 1
nvd 1
zdt 1
cert 1
exploitpack 1
threatpost 1
openvas 2
nessus 1
mskb 1
seebug
seebug
Internet Explorer 6, 7, 8 Memory Corruption 0day Exploit
2010-11-05 00:00:00
prion
prion
Memory corruption
2010-11-05 17:00:00
cvelist
cvelist
CVE-2010-3962
2010-11-05 16:28:00
saint
saint
Internet Explorer CSS clip attribute memory corruption
2010-11-16 00:00:00
Internet Explorer CSS clip attribute memory corruption
2010-11-16 00:00:00
Internet Explorer CSS clip attribute memory corruption
2010-11-16 00:00:00
packetstorm
packetstorm
Internet Explorer CSS SetUserClip Memory Corruption
2010-12-14 00:00:00
Microsoft Internet Explorer 6 / 7 / 8 Memory Corruption
2010-11-05 00:00:00
Internet Explorer CSS Tags Memory Corruption
2010-11-05 00:00:00
exploitdb
exploitdb
Microsoft Internet Explorer - Memory Corruption
2010-11-04 00:00:00
Microsoft Internet Explorer - CSS SetUserClip Memory Corruption (MS10-090) (Metasploit)
2011-01-20 00:00:00
Microsoft Internet Explorer 6/7/8 - Memory Corruption
2010-11-04 00:00:00
securityvulns
securityvulns
iDefense Security Advisory 12.14.10: Microsoft Internet Explorer CSS Style Table Layout Uninitialized Memory Vulnerability
2010-12-15 00:00:00
Microsoft Security Bulletin MS10-090 - Critical Cumulative Security Update for Internet Explorer (2416400)
2010-12-15 00:00:00
metasploit
metasploit
MS10-090 Microsoft Internet Explorer CSS SetUserClip Memory Corruption
2010-12-14 18:41:20
checkpoint_advisories
checkpoint_advisories
Internet Explorer Table Handling Memory Corruption (CVE-2010-3962)
2010-11-04 00:00:00
Microsoft Internet Explorer CSS Table Handling Memory Corruption (MS10-090; CVE-2010-3962)
2014-04-13 00:00:00
thn
thn
Top 5 Internet Security Threats for Businesses in 2023
2010-12-23 23:51:00
cve
cve
CVE-2010-3962
2010-11-05 17:00:02
nvd
nvd
CVE-2010-3962
2010-11-05 17:00:02
zdt
zdt
Internet Explorer 6, 7, 8 Memory Corruption 0day Exploit
2010-11-05 00:00:00
cert
cert
Microsoft Internet Explorer invalid flag reference vulnerability
2010-11-03 00:00:00
exploitpack
exploitpack
Microsoft Internet Explorer 678 - Memory Corruption
2010-11-04 00:00:00
threatpost
threatpost
New Remotely Exploitable Bug Found in Internet Explorer
2010-12-10 14:22:34
openvas
openvas
Microsoft Internet Explorer Multiple Vulnerabilities (2416400)
2010-12-15 00:00:00
Microsoft Internet Explorer Multiple Vulnerabilities (2416400)
2010-12-15 00:00:00
nessus
nessus
MS10-090: Cumulative Security Update for Internet Explorer (2416400)
2010-12-15 00:00:00
mskb
mskb
MS10-090: Cumulative security update for Internet Explorer
2014-06-21 14:33:28

EPSS

0.97

Percentile

99.8%

JSON
Related for IE_SETUSERCLIP
seebug1prion1cvelist1saint4packetstorm3exploitdb3securityvulns2metasploit1checkpoint_advisories2thn1cve1nvd1zdt1cert1exploitpack1threatpost1openvas2nessus1mskb1