CVE-2010-3971

Description

Use-after-free vulnerability in the CSharedStyleSheet::Notify function in the Cascading Style Sheets (CSS) parser in mshtml.dll, as used in Microsoft Internet Explorer 6 through 8 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a self-referential @import rule in a stylesheet, aka CSS Memory Corruption Vulnerability.

Risk Information

Base Score: 9.6 (MODERATE)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C
EPSS Score (Exploitation Probability): 85.6

Associated Vulnerability

Vulnerability | OS Platform
Cumulative Security Update for Internet Explorer for Windows XP (KB2482017) | Windows
Cumulative Security Update for Internet Explorer for Windows Server 2003 (KB2482017) | Windows
Cumulative Security Update for Internet Explorer for Windows Server 2003 x64 Edition (KB2482017) | Windows
Cumulative Security Update for Internet Explorer 7 in Windows Vista (KB2482017) x86 based systems | Windows
Cumulative Security Update for Internet Explorer 7 in Windows Vista (KB2482017) x86 based systems for SP2 | Windows
Cumulative Security Update for Internet Explorer 7 in Windows Server 2008 (KB2482017) x86 based systems | Windows
Cumulative Security Update for Internet Explorer 7 in Windows Server 2008 (KB2482017) x86 based systems for SP2 | Windows
Cumulative Security Update for Internet Explorer 7 for Windows XP x64 Edition (KB2482017) | Windows
Cumulative Security Update for Internet Explorer 7 for Windows Server 2003 x64 Edition (KB2482017) | Windows
Cumulative Security Update for Internet Explorer 7 in Windows Vista x64 Edition (KB2482017) | Windows
Cumulative Security Update for Internet Explorer 7 in Windows Vista x64 Edition (KB2482017) for SP2 | Windows
Cumulative Security Update for Internet Explorer 7 in Windows Server 2008 x64 Edition (KB2482017) | Windows
Cumulative Security Update for Internet Explorer 7 in Windows Server 2008 x64 Edition (KB2482017) for SP2 | Windows
Cumulative Security Update for Internet Explorer 8 for Windows XP (KB2482017) | Windows
Cumulative Security Update for Internet Explorer 8 for Windows Server 2003 (KB2482017) | Windows
Cumulative Security Update for Internet Explorer 8 in Windows Vista (KB2482017) x86 based systems | Windows
Cumulative Security Update for Internet Explorer 8 in Windows Vista (KB2482017) x86 based systems for SP2 | Windows
Cumulative Security Update for Internet Explorer 8 in Windows Server 2008 (KB2482017) x86 based systems | Windows
Cumulative Security Update for Internet Explorer 8 in Windows Server 2008 (KB2482017) x86 based systems for SP2 | Windows
Cumulative Security Update for Internet Explorer 8 in Windows 7 (KB2482017) | Windows
Cumulative Security Update for Internet Explorer 8 for Windows XP x64 Edition (KB2482017) | Windows
Cumulative Security Update for Internet Explorer 8 for Windows Server 2003 x64 Edition (KB2482017) | Windows
Cumulative Security Update for Internet Explorer 8 in Windows Vista x64 Edition (KB2482017) | Windows
Cumulative Security Update for Internet Explorer 8 in Windows Vista x64 Edition (KB2482017) for SP2 | Windows
Cumulative Security Update for Internet Explorer 8 in Windows Server 2008 x64 Edition (KB2482017) | Windows
Cumulative Security Update for Internet Explorer 8 in Windows Server 2008 x64 Edition (KB2482017) for SP2 | Windows
Cumulative Security Update for Internet Explorer 8 in Windows 7 x64 Edition (KB2482017) | Windows
Cumulative Security Update for Internet Explorer 8 in Windows Server 2008 R2 x64 Edition (KB2482017) | Windows

Patch Details

Patches provided by ManageEngine for this CVE:

Patch ID | Patch Description
PATCH-9690 | Cumulative Security Update for Internet Explorer for Windows XP (KB2482017)
PATCH-9691 | Cumulative Security Update for Internet Explorer for Windows Server 2003 (KB2482017)
PATCH-9693 | Cumulative Security Update for Internet Explorer for Windows Server 2003 x64 Edition (KB2482017)
PATCH-9697 | Cumulative Security Update for Internet Explorer 7 in Windows Vista (KB2482017)
PATCH-9699 | Cumulative Security Update for Internet Explorer 7 in Windows Server 2008 (KB2482017)
PATCH-9700 | Cumulative Security Update for Internet Explorer 7 for Windows XP x64 Edition (KB2482017)
PATCH-9701 | Cumulative Security Update for Internet Explorer 7 for Windows Server 2003 x64 Edition (KB2482017)
PATCH-9703 | Cumulative Security Update for Internet Explorer 7 in Windows Vista x64 Edition (KB2482017)
PATCH-9705 | Cumulative Security Update for Internet Explorer 7 in Windows Server 2008 x64 Edition (KB2482017)
PATCH-9706 | Cumulative Security Update for Internet Explorer 8 for Windows XP (KB2482017)
PATCH-9707 | Cumulative Security Update for Internet Explorer 8 for Windows Server 2003 (KB2482017)
PATCH-9708 | Cumulative Security Update for Internet Explorer 8 in Windows Vista (KB2482017)
PATCH-9709 | Cumulative Security Update for Internet Explorer 8 in Windows Vista (KB2482017)
PATCH-9710 | Cumulative Security Update for Internet Explorer 8 in Windows Server 2008 (KB2482017)
PATCH-9711 | Cumulative Security Update for Internet Explorer 8 in Windows Server 2008 (KB2482017)
PATCH-9712 | Cumulative Security Update for Internet Explorer 8 in Windows 7 (KB2482017)
PATCH-9713 | Cumulative Security Update for Internet Explorer 8 for Windows XP x64 Edition (KB2482017)
PATCH-9714 | Cumulative Security Update for Internet Explorer 8 for Windows Server 2003 x64 Edition (KB2482017)
PATCH-9715 | Cumulative Security Update for Internet Explorer 8 in Windows Vista x64 Edition (KB2482017)
PATCH-9716 | Cumulative Security Update for Internet Explorer 8 in Windows Vista x64 Edition (KB2482017)
PATCH-9717 | Cumulative Security Update for Internet Explorer 8 in Windows Server 2008 x64 Edition (KB2482017)
PATCH-9718 | Cumulative Security Update for Internet Explorer 8 in Windows Server 2008 x64 Edition (KB2482017)
PATCH-9719 | Cumulative Security Update for Internet Explorer 8 in Windows 7 x64 Edition (KB2482017)
PATCH-9720 | Cumulative Security Update for Internet Explorer 8 in Windows Server 2008 R2 x64 Edition (KB2482017)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234