CVE-2010-3971

EPSS 81.7%

Use-after-free vulnerability in the CSharedStyleSheet::Notify function in the Cascading Style Sheets (CSS) parser in mshtml.dll, as used in Microsoft Internet Explorer 6 through 8 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a self-referential @import rule in a stylesheet, aka "CSS Memory Corruption Vulnerability."

Affected products

n/a · n/a

public PoCs found — 6

githubgithub.com/nektra/CVE-2010-3971-hotpatch★ 2 cve_referencewww.exploit-db.com/exploits/15708unverified cve_referencewww.exploit-db.com/exploits/15746unverified exploitdbwww.exploit-db.com/exploits/15708unverified exploitdbwww.exploit-db.com/exploits/16533unverified exploitdbwww.exploit-db.com/exploits/15746unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-003 http://seclists.org/fulldisclosure/2010/Dec/110 http://secunia.com/advisories/42510 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12382 http://support.avaya.com/css/P8/documents/100127294 http://www.breakingpointsystems.com/community/blog/ie-vulnerability/http://www.exploit-db.com/exploits/15708 http://www.exploit-db.com/exploits/15746 http://www.kb.cert.org/vuls/id/634956 http://www.microsoft.com/technet/security/advisory/2488013.mspx http://www.securityfocus.com/bid/45246