Summary
This host has installed with Internet Explorer and is prone to Use-after-free Vulnerability.
This NVT has been replaced by NVT secpod_ms11-003.nasl (OID:1.3.6.1.4.1.25623.1.0.901180).
Impact
Successful exploitation will allow attackers to execute arbitrary code in the context of the application. Failed exploit attempts will result in denial-of-service conditions.
Impact Level: System/Application
Solution
No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore.
General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.
Insight
The flaw is due to use-after-free error within the 'mshtml.dll' library when processing a web page referencing a 'CSS' file that includes various '@import' rules.
Affected
Microsoft Internet Explorer version 6.x/7.x/8.x
References
Severity
Classification
-
CVE CVE-2010-3971 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe AIR Code Execution and DoS Vulnerabilities Nov13 (Windows)
- Adobe Acrobat Sandbox Bypass Vulnerability - Aug14 (Windows)
- Adobe Acrobat and Reader PDF Handling Code Execution Vulnerability (Linux)
- 7T Interactive Graphical SCADA System Multiple Security Vulnerabilities
- Adobe AIR Multiple Vulnerabilities-01 Jan15 (Windows)