CVE-2010-3971

Name of the Vulnerable Software and Affected Versions Microsoft Internet Explorer versions 6 through 8

Description A use-after-free issue in the CSS parser allows remote attackers to execute arbitrary code or cause a denial of service via a self-referential @import rule in a stylesheet. This vulnerability can be exploited by constructing a specially crafted Web page, potentially allowing an attacker to gain the same user rights as the logged-on user. If the user has administrative rights, the attacker could take complete control of the system, enabling them to install programs, view, change, or delete data, or create new accounts with full user rights.

Recommendations For Microsoft Internet Explorer versions 6 through 8, consider disabling the CSS parser or restricting the use of self-referential @import rules in stylesheets as a temporary workaround until a patch is available. Restrict access to specially crafted Web pages to minimize the risk of exploitation.