Published: 05/11/2010 Updated: 28/02/2022

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

VMScore: 945

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote malicious users to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an "invalid flag reference" issue or "Uninitialized Memory Corruption Vulnerability," as exploited in the wild in November 2010.

Vulnerable Product	Search on Vulmon	Subscribe to Product
microsoft internet_explorer 6
microsoft internet_explorer 7
microsoft internet_explorer 8

Microsoft Internet Explorer versions 6, 7 and 8 memory corruption exploit ...

## # $Id: ms10_090_ie_css_cliprb 11610 2011-01-20 19:30:59Z egypt $ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # Framework web site for more information on licensing and terms of use # metasploitcom/framework/ ## require 'msf/core' ...

# Internet Explorer Memory Corruption 0day Vulnerability CVE-2010-3962 # Tested on Windows XP SP3 IE6 IE7 IE8 # Coded by Matteo Memelli ryujin __at__ offseccom # wwwoffensive-securitycom/0day/ie-0daytxt # Thx to dookie __at__ offseccom # notes : This is a quick and dirty exploit! No DEP/ASLR bypass here feel free to improve it <!-- ...

<html> <table style=position:absolute;clip:rect(0)> </html> ...

Buckeye: Espionage Outfit Used Equation Group Tools Prior to Shadow Brokers Leak

Symantec Threat Intelligence Blog • Security Response Attack Investigation Team • 06 May 2024

Windows zero day was exploited by Buckeye alongside Equation Group tools during 2016 attacks. Exploit and tools continued to be used after Buckeye's apparent disappearance in 2017.

Posted: 6 May, 20198 Min ReadThreat Intelligence SubscribeFollowtwitterfacebooklinkedinBuckeye: Espionage Outfit Used Equation Group Tools Prior to Shadow Brokers LeakWindows zero day was exploited by Buckeye alongside Equation Group tools during 2016 attacks. Exploit and tools continued to be used after Buckeye's apparent disappearance in 2017.Key Findings The Buckeye attack group was using Equation Group tools to gain persistent ac...

CWE-416 http://www.symantec.com/connect/blogs/new-ie-0-day-used-targeted-attacks http://blogs.technet.com/b/msrc/archive/2010/11/02/microsoft-releases-security-advisory-2458511.aspx http://www.microsoft.com/technet/security/advisory/2458511.mspx http://www.securitytracker.com/id?1024676 http://www.kb.cert.org/vuls/id/899748 http://www.vupen.com/english/advisories/2010/2880 http://secunia.com/advisories/42091 http://www.securityfocus.com/bid/44536 http://www.us-cert.gov/cas/techalerts/TA10-348A.html http://www.exploit-db.com/exploits/15418 http://www.exploit-db.com/exploits/15421 https://exchange.xforce.ibmcloud.com/vulnerabilities/62962 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12279 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-090 https://nvd.nist.gov https://packetstormsecurity.com/files/95516/Microsoft-Internet-Explorer-6-7-8-Memory-Corruption.html https://www.exploit-db.com/exploits/16551/https://www.kb.cert.org/vuls/id/899748

CVE-2010-3962

Vulnerability Summary

Vulnerability Trend

Exploits

Recent Articles

References

Vulmon Search

About

Products

Connect