Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-3971Out-of-bounds Write in Microsoft Internet Explorer

CWE-39912 documents8 sources
Severity
9.3CRITICALNVD
EPSS
85.6%
top 0.62%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Microsoft Internet Explorer
Timeline
PublishedDec 22
Latest updateMay 13

Description

Use-after-free vulnerability in the CSharedStyleSheet::Notify function in the Cascading Style Sheets (CSS) parser in mshtml.dll, as used in Microsoft Internet Explorer 6 through 8 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a self-referential @import rule in a stylesheet, aka "CSS Memory Corruption Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-r6fx-qpgx-pg2w: Use-after-free vulnerability in the CSharedStyleSheet::Notify function in the Cascading Style Sheets (CSS) parser in mshtml2022-05-13
VulnCheck
Microsoft CSS Memory Corruption Vulnerability2010

💥Exploits & PoCs

4
Exploit-DB
Microsoft Internet Explorer - CSS Recursive Import Use-After-Free (MS11-003) (Metasploit)2011-02-08
Exploit-DB
Microsoft Internet Explorer 8 - CSS Parser2010-12-15
Exploit-DB
Microsoft Internet Explorer 8 - CSS Parser Denial of Service2010-12-08
Metasploit
MS11-003 Microsoft Internet Explorer CSS Recursive Import Use After Free

🕵️Threat Intelligence

5
Krebs
In a Zero-Day World, It’s Active Attacks that Matter – Krebs on Security2012-10-01
Krebs
In a Zero-Day World, It’s Active Attacks that Matter2012-10-01
Talos
'Tis the Season for 0-days2010-12-23
Talos
'Tis the Season for 0-days2010-12-23
Zscaler
Zscaler found Multiple Security Vulnerabilities | 02-08-2011
CVE-2010-3971 — Out-of-bounds Write in Microsoft | cvebase