CVE-2010-3962

8.1 HIGH CISA KEV - Actively Exploited
Published: November 05, 2010 Modified: October 22, 2025
View on NVD

Description

Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an "invalid flag reference" issue or "Uninitialized Memory Corruption Vulnerability," as exploited in the wild in November 2010.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0
Vector String
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://blogs.technet.com/b/msrc/archive/2010/11/02/microsoft-releases-security-advisory-2458511.aspx
Source: secure@microsoft.com
Vendor Advisory
http://secunia.com/advisories/42091
Source: secure@microsoft.com
Broken Link Vendor Advisory
http://www.exploit-db.com/exploits/15418
Source: secure@microsoft.com
Third Party Advisory VDB Entry
http://www.exploit-db.com/exploits/15421
Source: secure@microsoft.com
Third Party Advisory VDB Entry
http://www.kb.cert.org/vuls/id/899748
Source: secure@microsoft.com
Third Party Advisory US Government Resource
http://www.microsoft.com/technet/security/advisory/2458511.mspx
Source: secure@microsoft.com
Patch Vendor Advisory
http://www.securityfocus.com/bid/44536
Source: secure@microsoft.com
Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1024676
Source: secure@microsoft.com
Broken Link Third Party Advisory VDB Entry
http://www.symantec.com/connect/blogs/new-ie-0-day-used-targeted-attacks
Source: secure@microsoft.com
Not Applicable
http://www.us-cert.gov/cas/techalerts/TA10-348A.html
Source: secure@microsoft.com
Third Party Advisory US Government Resource
http://www.vupen.com/english/advisories/2010/2880
Source: secure@microsoft.com
Broken Link Vendor Advisory
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-090
Source: secure@microsoft.com
Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/62962
Source: secure@microsoft.com
Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12279
Source: secure@microsoft.com
Tool Signature
http://blogs.technet.com/b/msrc/archive/2010/11/02/microsoft-releases-security-advisory-2458511.aspx
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/42091
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Vendor Advisory
http://www.exploit-db.com/exploits/15418
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory VDB Entry
http://www.exploit-db.com/exploits/15421
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory VDB Entry
http://www.kb.cert.org/vuls/id/899748
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory US Government Resource
http://www.microsoft.com/technet/security/advisory/2458511.mspx
Source: af854a3a-2127-422b-91ae-364da2661108
Patch Vendor Advisory
http://www.securityfocus.com/bid/44536
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1024676
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Third Party Advisory VDB Entry
http://www.symantec.com/connect/blogs/new-ie-0-day-used-targeted-attacks
Source: af854a3a-2127-422b-91ae-364da2661108
Not Applicable
http://www.us-cert.gov/cas/techalerts/TA10-348A.html
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory US Government Resource
http://www.vupen.com/english/advisories/2010/2880
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Vendor Advisory
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-090
Source: af854a3a-2127-422b-91ae-364da2661108
Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/62962
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12279
Source: af854a3a-2127-422b-91ae-364da2661108
Tool Signature
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-3962
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

29 reference(s) from NVD

Quick Stats

CVSS v3 Score
8.1 / 10.0
EPSS (Exploit Probability)
87.1%
99th percentile
Exploitation Status
Actively Exploited
Remediation due: 2025-10-27

Weaknesses (CWE)

CWE-416 CWE-416

Affected Vendors

microsoft

Related CVEs

CVE-2025-52691 10.0
CVE-2025-15168 7.3
CVE-2025-15167 7.3
CVE-2025-15166 7.3
CVE-2025-15165 7.3