mailing list archives
Internet Explorer Uninitialized Memory Corruption Vulnerability - CVE-2010-3331
From: Rodrigo Branco <rbranco () checkpoint com>
Date: Tue, 12 Oct 2010 11:41:55 -0700
I'm writing on behalf of the Check Point Vulnerability Discovery Team to publish the following vulnerability.
Check Point Software Technologies - Vulnerability Discovery Team (VDT)
Internet Explorer Uninitialized Memory Corruption Vulnerability
CVE-2010-3331 - MS10-071
There exists a vulnerability within the way internet explorer handles specific objects that has not been correctly
has been deleted, which leads to uninitialized memory reference and code execution.
This vulnerability can be triggered thru different vectors, been Microsoft Word one of the tested ones.
This problem was confirmed in the following versions of Internet Explorer and Windows, other versions
maybe also affected.
Internet Explorer 6 running in All Versions of Windows
Internet Explorer 7 running in All Versions of Windows
Internet Explorer 8 running in All Versions of Windows
MICROSOFT EXPLOTABILITY INDEX
In order to help the Microsoft Response Team we did further analysis on the vulnerability and we classify it as: 1
consistent exploit code likely.
Important to note again that since the faulty code also appears inside the mshtml.dll other applications may behave
differently when triggering the problem (even more when
talking about 3rd parties).
CVSS Scoring System
The CVSS score is: 8.3
Base Score: 10
Temporal Score: 8.3
We used the following values to calculate the scores:
Base score is: AV:N/AC:L/Au:N/C:C/I:C/A:C
Temporal score is: E:F/RL:OF/RC:C
TRIGGERING THE PROBLEM
This vulnerability can be triggered by creating a persistent object with class id:
The problem is triggered by the an exploit code available to interested party which causes invalid memory access in
all the referred versions.
This vulnerability was discovered and researched by Rodrigo Rubira Branco from Check Point Vulnerability Discovery Team
Rodrigo Rubira Branco
Senior Security Researcher
Vulnerability Discovery Team (VDT)
Check Point Software Technologies
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/
- Internet Explorer Uninitialized Memory Corruption Vulnerability - CVE-2010-3331 Rodrigo Branco (Oct 12)