⚠ Actively exploited

Added to CISA KEV on 2025-10-06. Federal agencies required to patch by 2025-10-27. Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable..

CVE-2010-3962 — Use After Free in Microsoft Internet Explorer

CWE-416 — Use After Free17 documents11 sources

Severity

8.1HIGHNVD

EPSS

88.9%

top 0.47%

CISA KEV

KEV

Added 2025-10-06

Due 2025-10-27

Exploit

Exploited in wild

Active exploitation observed

Affected products

Microsoft Internet Explorer

Timeline

PublishedNov 5

KEV addedOct 6

KEV dueOct 27

CISA Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Description

Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an "invalid flag reference" issue or "Uninitialized Memory Corruption Vulnerability," as exploited in the wild in November 2010.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages1 packages

▶NVDmicrosoft/internet_explorer6, 7, 8+2

Patches

Patch: www.microsoft.com ↗Patch: docs.microsoft.com ↗Patch: www.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-cmh7-cfjq-p92g: Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Casca↗2022-05-13

▶

VulnCheck

Microsoft Internet Explorer Uninitialized Memory Corruption Vulnerability↗2010

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Internet Explorer - CSS SetUserClip Memory Corruption (MS10-090) (Metasploit)↗2011-01-20

▶

Exploit-DB

Microsoft Internet Explorer 6/7/8 - Memory Corruption↗2010-11-04

▶

Exploit-DB

Microsoft Internet Explorer - Memory Corruption↗2010-11-04

▶

Metasploit

MS10-090 Microsoft Internet Explorer CSS SetUserClip Memory Corruption↗

▶

🔍Detection Rules

Suricata

ET WEB_CLIENT Microsoft IE CSS Clip Attribute Memory Corruption (POC SPECIFIC)↗2010-11-05

▶

📋Vendor Advisories

CISA

Microsoft Internet Explorer Uninitialized Memory Corruption Vulnerability↗2025-10-06

▶

🕵️Threat Intelligence

Zscaler

Memory Corruption Vulnerabilities Target IE 6 & 7 | Blog↗2011-07-14

▶

Recorded Future

Tracking the Clandestine Fox↗

▶

Zscaler

Zscaler found Multiple Security Vulnerabilities | 12-14-2010↗

▶

Zscaler

Zscaler Provides Protection for Critical IE Vulnerabilities↗

▶

Recorded Future

Tracking the Clandestine Fox↗

▶

📄Research Papers

arXiv

Investigation of Advanced Persistent Threats Network-based Tactics, Techniques and Procedures↗2025-02-12

▶

💬Community

Bugzilla

CVE-2008-7258 Ssmtp: Buffer overflow by cutting '\n' sequence from lines with leading dot↗2010-07-26

▶