Vulnerability Name: | CVE-2010-3886 (CCN-59948) | ||||||||
Assigned: | 2010-07-01 | ||||||||
Published: | 2010-07-01 | ||||||||
Updated: | 2022-02-18 | ||||||||
Summary: | The CTimeoutEventList::InsertIntoTimeoutList function in Microsoft mshtml.dll uses a certain pointer value as part of producing Timer ID values for the setTimeout and setInterval methods in VBScript and JScript, which allows remote attackers to obtain sensitive information about the heap memory addresses used by an application, as demonstrated by the Internet Explorer 8 application. | ||||||||
CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
| ||||||||
CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N) 3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N/E:POC/RL:U/RC:UR)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N/E:POC/RL:U/RC:UR)
| ||||||||
Vulnerability Type: | CWE-200 | ||||||||
Vulnerability Consequences: | Obtain Information | ||||||||
References: | Source: BUGTRAQ Type: Broken Link, Exploit 20100629 [0day] Microsoft mshtml.dll CTimeoutEventList::InsertIntoTimeoutList memory leak Source: MITRE Type: CNA CVE-2010-3886 Source: MISC Type: Third Party Advisory http://twitter.com/WisecWisec/statuses/17254776077 Source: MISC Type: Not Applicable http://www.eeye.com/Resources/Security-Center/Research/Zero-Day-Tracker/2010/20100630 Source: CCN Type: Microsoft Web site Internet Explorer Source: CCN Type: OSVDB ID: 66001 Microsoft Windows mshtml.dll CTimeoutEventList::InsertIntoTimeoutList Local Pointer Disclosure Source: CCN Type: BID-41247 Microsoft Internet Explorer 'mshtml.dll' Remote Information Disclosure Vulnerability Source: XF Type: UNKNOWN ms-ie-mshtml-info-disc(59948) Source: OVAL Type: Third Party Advisory oval:org.mitre.oval:def:11606 Source: CCN Type: Packetstorm Security Web Site Microsoft mshtml.dll CTimeoutEventList::InsertIntoTimeoutList proof of concept memory leak exploit. | ||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable | ||||||||
Oval Definitions | |||||||||
| |||||||||
BACK |