Internet Explorer CSS clip attribute memory corruption

Added: 11/16/2010
CVE: CVE-2010-3962
BID: 44536
OSVDB: 68987

Background

Cascading Style Sheets (CSS) is a simple mechanism for adding style to web documents.

Problem

A memory corruption vulnerability allows command execution when a user loads a web page containing a CSS clip attribute with a specific position, causing an invalid flag reference.

Resolution

Apply a patch when available. See Microsoft Security Advisory 2458511 for patch information.

References

http://secunia.com/advisories/42091

Limitations

Exploit works on Internet Explorer 6 on Windows XP SP3 with security update KB2360131, and requires a user to open the exploit page in Internet Explorer.

Platforms

Windows XP

Back to exploit index