CVE-2010-3328

Name of the Vulnerable Software and Affected Versions Microsoft Internet Explorer versions 6 through 8

Description A use-after-free issue in the CAttrArray::PrivateFind function in mshtml.dll allows remote attackers to execute arbitrary code by setting an unspecified property of a stylesheet object. This could allow an attacker to gain the same user rights as the logged-on user, potentially leading to complete control of an affected system if the user has administrative rights. The attacker could exploit this by constructing a specially crafted Web page.

Recommendations For Microsoft Internet Explorer versions 6 through 8, consider disabling access to the CAttrArray::PrivateFind function as a temporary workaround until a patch is available. Restrict the use of stylesheet objects to minimize the risk of exploitation. Avoid viewing specially crafted Web pages that could trigger the vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.