CVE-2010-3886

Опубликовано: 08 окт. 2010

Источник: nvd

CVSS2: 4.3

EPSS Средний

Описание

The CTimeoutEventList::InsertIntoTimeoutList function in Microsoft mshtml.dll uses a certain pointer value as part of producing Timer ID values for the setTimeout and setInterval methods in VBScript and JScript, which allows remote attackers to obtain sensitive information about the heap memory addresses used by an application, as demonstrated by the Internet Explorer 8 application.

Ссылки

http://archives.neohapsis.com/archives/bugtraq/2010-06/0259.html
Broken Link
Exploit
http://twitter.com/WisecWisec/statuses/17254776077
Third Party Advisory
http://www.eeye.com/Resources/Security-Center/Research/Zero-Day-Tracker/2010/20100630
Not Applicable
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11606
Third Party Advisory
http://archives.neohapsis.com/archives/bugtraq/2010-06/0259.html
Broken Link
Exploit
http://twitter.com/WisecWisec/statuses/17254776077
Third Party Advisory
http://www.eeye.com/Resources/Security-Center/Research/Zero-Day-Tracker/2010/20100630
Not Applicable
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11606
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:*

EPSS

Процентиль: 94%

0.14351

Средний

4.3 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-5jhw-qp9v-79q5

github

больше 3 лет назад