Lucene search

K

SAINT CorporationSAINT:7A05F10246109E3D4CDA931D4814B4B9

HistoryNov 16, 2010 - 12:00 a.m.

Internet Explorer CSS clip attribute memory corruption

2010-11-1600:00:00

SAINT Corporation

my.saintcorporation.com

24

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.97

Percentile

99.8%

Added: 11/16/2010
CVE: CVE-2010-3962
BID: 44536
OSVDB: 68987

Background

Cascading Style Sheets (CSS) is a simple mechanism for adding style to web documents.

Problem

A memory corruption vulnerability allows command execution when a user loads a web page containing a CSS clip attribute with a specific position, causing an invalid flag reference.

Resolution

Apply a patch when available. See Microsoft Security Advisory 2458511 for patch information.

References

<http://secunia.com/advisories/42091>

Limitations

Exploit works on Internet Explorer 6 on Windows XP SP3 with security update KB2360131, and requires a user to open the exploit page in Internet Explorer.

Platforms

Windows XP

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.97

Percentile

99.8%

Related for SAINT:7A05F10246109E3D4CDA931D4814B4B9

packetstorm3 saint3 seebug1 prion1 cvelist1 exploitdb3 canvas1 securityvulns2 zdt1 cert1 exploitpack1 checkpoint_advisories2 cve1 thn1 nvd1 metasploit1 threatpost1 nessus1 mskb1 openvas2