4.3
CVE-2010-3886
- EPSS 16.8%
- Veröffentlicht 08.10.2010 22:00:36
- Zuletzt bearbeitet 16.06.2026 23:23:45
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
The CTimeoutEventList::InsertIntoTimeoutList function in Microsoft mshtml.dll uses a certain pointer value as part of producing Timer ID values for the setTimeout and setInterval methods in VBScript and JScript, which allows remote attackers to obtain sensitive information about the heap memory addresses used by an application, as demonstrated by the Internet Explorer 8 application.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Microsoft ≫ Internet Explorer Version8
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 16.8% | 0.966 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:P/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
http://archives.neohapsis.com/archives/bugtraq/2010-06/0259.html
http://twitter.com/WisecWisec/statuses/17254776077
http://www.eeye.com/Resources/Security-Center/Research/Zero-Day-Tracker/2010/20100630
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11606