Vulnerability Note VU#899748

Microsoft Internet Explorer invalid flag reference vulnerability

Original Release date: 03 Nov 2010 | Last revised: 11 Mar 2014


Microsoft Internet Explorer invalid flag reference vulnerability


According to the Microsoft Security Research & Defense Blog, Microsoft Internet Explorer incorrectly under-allocates memory to store a certain combination of Cascading Style Sheets (CSS) tags when parsing HTML, resulting in an overwrite of the least significant byte of a vtable pointer. The Microsoft Security Advisory (2458511) refers to the vulnerability as an invalid flag reference vulnerability, where the reference to an object can be accessed after it is deleted.

Exploit code for this vulnerability is publicly available.


By convincing a user to view a specially crafted HTML document (e.g., a web page or an HTML email message or attachment), an attacker may be able to execute arbitrary code with the privileges of the user.


Apply an update

This issue is addressed in Microsoft Security Bulletin MS10-090.


Microsoft has listed several workarounds in Microsoft Security Advisory (2458511).

Vendor Information (Learn More)

VendorStatusDate NotifiedDate Updated
Microsoft CorporationAffected-18 Jan 2011
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base 0.0 AV:--/AC:--/Au:--/C:--/I:--/A:--
Temporal 0.0 E:ND/RL:ND/RC:ND
Environmental 0.0 CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND



Thanks to Microsoft Security Response Center for reporting this vulnerability, who in turn credit Symantec.

This document was written by Michael Orlando.

Other Information

  • CVE IDs: CVE-2010-3962
  • Date Public: 03 Nov 2010
  • Date First Published: 03 Nov 2010
  • Date Last Updated: 11 Mar 2014
  • Severity Metric: 54.62
  • Document Revision: 30


If you have feedback, comments, or additional information about this vulnerability, please send us email.