Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-3886Sensitive Information Exposure in Microsoft Internet Explorer

CWE-200Sensitive Information Exposure3 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
14.4%
top 5.56%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Microsoft Internet Explorer
Timeline
PublishedOct 8
Latest updateMay 13

Description

The CTimeoutEventList::InsertIntoTimeoutList function in Microsoft mshtml.dll uses a certain pointer value as part of producing Timer ID values for the setTimeout and setInterval methods in VBScript and JScript, which allows remote attackers to obtain sensitive information about the heap memory addresses used by an application, as demonstrated by the Internet Explorer 8 application.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

🔴Vulnerability Details

1
GHSA
GHSA-5jhw-qp9v-79q5: The CTimeoutEventList::InsertIntoTimeoutList function in Microsoft mshtml2022-05-13

💥Exploits & PoCs

1
Exploit-DB
Microsoft - 'MSHTML.dll' CTIMEOUTEVENTLIST::INSERTINTOTIMEOUTLIST Memory Leak2010-07-09
CVE-2010-3886 — Sensitive Information Exposure | cvebase