Follow:

Exploit:Win/IE.MSHTML.RCE!CVE-2010-3971

Severity rating
Critical

Class/Type
Exploit

Discovered date
2010-11-29T00:00:00

Attack vector
Remote

Authentication required
No

Public exploits available
Yes

Signature detection
Medium



On this page




Description

It is possible under certain conditions for the memory to be leveraged by an attacker using a specially crafted Web page to gain remote code execution.



Impact

Remote Code Execution



Technical details (analysis)

The vulnerability exists due to the creation of uninitialized memory during a CSS function within Internet Explorer. It is possible under certain conditions for the memory to be leveraged by an attacker using a specially crafted Web page to gain remote code execution.



Affected software

Internet Explorer 6
Internet Explorer 7
Internet Explorer 8



Non-affected software

All applications not on the affected list.



References




Solutions

Download update



NIS signature

Name: Exploit:Win/IE.MSHTML.RCE!CVE-2010-3971
Release Date: 2010-11-29T00:00:00



Known false positives

No known false positives at this time.



Work-arounds

Using EMET on Windows Vista and Windows 7 will help mitigate the impact of this vulnerability by forcing all dlls to opt-in to ASLR.