Oval Definition:oval:org.mitre.oval:def:11606
Revision Date:2012-03-26Version:46
Title:Pointer leakage vulnerability in Internet Explorer
Description:The CTimeoutEventList::InsertIntoTimeoutList function in Microsoft mshtml.dll uses a certain pointer value as part of producing Timer ID values for the setTimeout and setInterval methods in VBScript and JScript, which allows remote attackers to obtain sensitive information about the heap memory addresses used by an application, as demonstrated by the Internet Explorer 8 application.
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2010-3886
Platform(s):Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s):Microsoft Internet Explorer 6
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Definition Synopsis
  • Internet Explorer 6 on XP x86 SP3
  • Microsoft Windows XP (x86) SP3 is installed
  • AND Microsoft Internet Explorer 6 is installed
  • AND Check if the version of mshtml.dll is less than or equal to 6.0.2900.6003
  • OR Internet Explorer 6 on XP x64 SP2, Server 2003 x86/x64/ia64 SP2
  • XP x64 Edition SP2 or Server 2003 SP2 (x86) or Server 2003 SP2 (x64) or Server 2003 (ia64) SP2
  • Microsoft Windows XP x64 Edition SP2 is installed
  • OR Microsoft Windows Server 2003 SP2 (x86) is installed
  • OR Microsoft Windows Server 2003 SP2 (x64) is installed
  • OR Microsoft Windows Server 2003 (ia64) SP2 is installed
  • OR Microsoft Windows XP (x86) SP2 is installed
  • AND Microsoft Internet Explorer 6 is installed
  • AND Check if the version of mshtml.dll is less than or equal to 6.0.3790.4732
  • OR Internet Explorer 7 on XP x86/x64 SP3
  • XP (x86) SP3 or XP x64 Edition SP2
  • Microsoft Windows XP (x86) SP3 is installed
  • OR Microsoft Windows XP x64 Edition SP2 is installed
  • OR Microsoft Windows XP (x86) SP2 is installed
  • AND Microsoft Internet Explorer 7 is installed
  • AND Check if the version of mshtml.dll is less than or equal to 7.0.6000.17080
  • OR Internet Explorer 7 on Vista x86/x64 SP1, Server 2008 x86/x64/ia64
  • Vista (32-bit) SP1 or Vista x64 Edition SP1 or Server 2008 (32-bit) or Server 2008 (64-bit) or Server 2008 (ia-64)
  • Microsoft Windows Vista (32-bit) Service Pack 1 is installed
  • OR Microsoft Windows Vista x64 Edition Service Pack 1 is installed
  • OR Microsoft Windows Server 2008 (32-bit) is installed
  • OR Microsoft Windows Server 2008 (64-bit) is installed
  • OR Microsoft Windows Server 2008 (ia-64) is installed
  • AND Microsoft Internet Explorer 7 is installed
  • AND Check if the version of mshtml.dll is less than or equal to 7.0.6001.18498
  • OR Internet Explorer 7 on Vista x86/x64 SP2, Server 2008 x86/x64/ia64 SP2
  • Vista (32-bit) SP2 or Vista x64 Edition SP2 or Server 2008 (32-bit) SP2 or Server 2008 x64 Edition SP2 or Server 2008 Itanium-Based Edition SP2
  • Microsoft Windows Vista (32-bit) Service Pack 2 is installed
  • OR Microsoft Windows Vista x64 Edition Service Pack 2 is installed
  • OR Microsoft Windows Server 2008 (32-bit) Service Pack 2 is installed
  • OR Microsoft Windows Server 2008 x64 Edition Service Pack 2 is installed
  • OR Microsoft Windows Server 2008 Itanium-Based Edition Service Pack 2 is installed
  • AND Microsoft Internet Explorer 7 is installed
  • AND Check if the version of mshtml.dll is less than or equal to 7.0.6002.18278
  • OR Internet Explorer 8 on XP x64 SP2,XP x86 SP3, Server 2003 x86/x64/ia64 SP2
  • XP (x86) SP3 or XP x64 Edition SP2 or Server 2003 SP2 (x86) or Server 2003 SP2 (x64)
  • Microsoft Windows XP (x86) SP3 is installed
  • OR Microsoft Windows XP x64 Edition SP2 is installed
  • OR Microsoft Windows Server 2003 SP2 (x86) is installed
  • OR Microsoft Windows Server 2003 SP2 (x64) is installed
  • OR Microsoft Windows XP (x86) SP2 is installed
  • AND Microsoft Internet Explorer 8 is installed
  • AND Check if the version of mshtml.dll is less than or equal to 8.0.6001.18939
  • OR Internet Explorer 8 on all Vista x86/x64, all Server 2008 x86/x64/ia64
  • Vista (32-bit) SP1 or Vista x64 Edition SP1 or Vista (32-bit) SP2 or Vista x64 Edition SP2 or Server 2008 (32-bit) or Server 2008 (64-bit) or Server 2008 (32-bit) SP2 or Server 2008 x64 Edition SP2
  • Microsoft Windows Vista (32-bit) Service Pack 1 is installed
  • OR Microsoft Windows Vista x64 Edition Service Pack 1 is installed
  • OR Microsoft Windows Vista (32-bit) Service Pack 2 is installed
  • OR Microsoft Windows Vista x64 Edition Service Pack 2 is installed
  • OR Microsoft Windows Server 2008 (32-bit) is installed
  • OR Microsoft Windows Server 2008 (64-bit) is installed
  • OR Microsoft Windows Server 2008 (32-bit) Service Pack 2 is installed
  • OR Microsoft Windows Server 2008 x64 Edition Service Pack 2 is installed
  • AND Microsoft Internet Explorer 8 is installed
  • AND Check if the version of mshtml.dll is less than or equal to 8.0.6001.18943
  • OR Internet Explorer 8 on Windows 7 x86/x64, Server 2008 R2 x64/ia64
  • Windows 7 (32-bit) or x64 Edition or Server 2008 R2 x64 Edition or Server 2008 R2 Itanium-Based Edition
  • Microsoft Windows 7 (32-bit) is installed
  • OR Microsoft Windows 7 x64 Edition is installed
  • OR Microsoft Windows Server 2008 R2 x64 Edition is installed
  • OR Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed
  • AND Microsoft Internet Explorer 8 is installed
  • AND Check if the version of mshtml.dll is less than or equal to 8.0.7600.16625
    • BACK