(MS10-090) Cumulative Security Update for Internet Explorer (2416400)

Publish date: February 11, 2011

Severity: CRITICAL

CVE Identifier: CVE-2010-3962,CVE-2010-3348,CVE-2010-3346,CVE-2010-3345,CVE-2010-3343,CVE-2010-3342,CVE-2010-3340

Advisory Date: FEB 11, 2011

DESCRIPTION

This security update resolves a total of seven vulnerabilities in Internet Explorer (IE). Of these vulnerabilities, the most severe flaws could allow remote users to remotely execute malicious codes on the affected system if a user views a specially crafted Web page via IE. User accounts configured to have fewer rights on the system are in less risk than user accounts with administrative rights.

TREND MICRO PROTECTION INFORMATION

For information on patches specific to the affected software, please proceed to the Microsoft Web page.

Trend Micro clients using OfficeScan with Intrusion Defense Firewall (IDF) may refer to the table below for the pattern filter identifier(s):

Vulnerability ID	Identifier & Title	IDF First Pattern Version	IDF First Pattern Release Version
CVE-2010-3340	1004539 - HTML Object Memory Corruption Vulnerability	10-038	Dec 15, 2010
CVE-2010-3343	1004540 - Microsoft Internet Explorer Uninitialized Memory Corruption Vulnerability	10-038	Dec 15, 2010
CVE-2010-3346	1004537 - HTML Element Memory Corruption	10-038	Dec 15, 2010
CVE-2010-3962	1004496 - Vulnerability in Internet Explorer Could Allow Remote Code Execution	10-035	Nov 10, 2010

SOLUTION

PATCH: http://www.microsoft.com/technet/security/bulletin/MS10-090.mspx

AFFECTED SOFTWARE AND VERSION

IE 6 Windows XP Service Pack 3
IE 6 Windows XP Professional x64 Edition Service Pack 2
IE 6 Windows Server 2003 Service Pack 2
IE 6 Windows Server 2003 x64 Edition Service Pack 2
IE 6 Windows Server 2003 with SP2 for Itanium-based Systems
IE 7 Windows XP Service Pack 3
IE 7 Windows XP Professional x64 Edition Service Pack 2
IE 7 Windows Server 2003 Service Pack 2
IE 7 Windows Server 2003 x64 Edition Service Pack 2
IE 7 Windows Server 2003 with SP2 for Itanium-based Systems
IE 7 Windows Vista Service Pack 1 and Windows Vista Service Pack 2
IE 7 Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2
IE 7 Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2
IE 7 Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2
IE 7 Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2
IE 8 Windows XP Service Pack 3
IE 8 Windows XP Professional x64 Edition Service Pack 2
IE 8 Windows Server 2003 Service Pack 2
IE 8 Windows Server 2003 x64 Edition Service Pack 2
IE 8 Windows Vista Service Pack 1 and Windows Vista Service Pack 2
IE 8 Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2
IE 8 Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2
IE 8 Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2
IE 8 Windows 7 for 32-bit Systems
IE 8 Windows 7 for x64-based Systems
IE 8 Windows Server 2008 R2 for x64-based Systems
IE 8 Windows Server 2008 R2 for Itanium-based Systems

Related Vulnerability

Related Malware

Related Web Attack

Multiple Malware, One Exploit: How HTML_SHELLCOD.SM Operates

Featured Stories

Beware of MCP Hardcoded Credentials: A Perfect Target for Threat Actors
Poor secret management in MCP servers can lead to serious consequences, including data breaches and supply chain attacks. This article examines the reality of these unsecure configurations and offers practical recommendations that minimize the chances of exposure.
Read more
$Lessons in Resilience from the Race to Patch SharePoint Vulnerabilities$
Lessons in Resilience from the Race to Patch SharePoint Vulnerabilities
In this article, Trend Micro discusses how the fast-moving attacks using CVE-2025-53770 and CVE-2025-53771 have underscored the essential role of virtual patching and reliable intelligence in protecting organizations against evolving threats.
Read more
$Unveiling AI Agent Vulnerabilities Part V: Securing LLM Services$
Unveiling AI Agent Vulnerabilities Part V: Securing LLM Services
To conclude our series on agentic AI, this article examines emerging vulnerabilities that threaten AI agents, focusing on providing proactive security recommendations on areas such as code execution, data exfiltration, and database access.
Read more
$Unveiling AI Agent Vulnerabilities Part IV: Database Access Vulnerabilities$
Unveiling AI Agent Vulnerabilities Part IV: Database Access Vulnerabilities
How can attackers exploit weaknesses in database-enabled AI agents? This research explores how SQL generation vulnerabilities, stored prompt injection, and vector store poisoning can be weaponized by attackers for fraudulent activities.
Read more