Unrated severityNVD Advisory· Published Oct 8, 2010· Updated Jun 16, 2026
CVE-2010-3886
CVE-2010-3886
Description
The CTimeoutEventList::InsertIntoTimeoutList function in Microsoft mshtml.dll uses a certain pointer value as part of producing Timer ID values for the setTimeout and setInterval methods in VBScript and JScript, which allows remote attackers to obtain sensitive information about the heap memory addresses used by an application, as demonstrated by the Internet Explorer 8 application.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:*
- (no CPE)range: =8
Patches
Vulnerability mechanics
References
4- archives.neohapsis.com/archives/bugtraq/2010-06/0259.htmlnvdBroken LinkExploit
- twitter.com/WisecWisec/statuses/17254776077nvdThird Party Advisory
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11606nvdThird Party Advisory
- www.eeye.com/Resources/Security-Center/Research/Zero-Day-Tracker/2010/20100630nvdNot Applicable
News mentions
0No linked articles in our index yet.