CVE-2010-3324

Microsoft Internet Explorer 8 - Auth Bypass

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-3324. PoCs published by Mario Heiderich.

AI-analyzed exploit summary This exploit demonstrates a security-bypass weakness in Internet Explorer 8's toStaticHTML function, allowing script execution via a crafted postMessage call. The PoC includes a form to test the bypass and a style block with obfuscated CSS import to trigger the vulnerability.

Description

The toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, Office SharePoint Server 2007 SP2, Groove Server 2010, and Office Web Apps, allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism and conduct XSS attacks via a crafted use of the Cascading Style Sheets (CSS) @import rule, aka "HTML Sanitization Vulnerability," a different vulnerability than CVE-2010-1257.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Mario Heiderich · htmlremotewindows

https://www.exploit-db.com/exploits/34478

View Code ZIP pw:eip

This exploit demonstrates a security-bypass weakness in Internet Explorer 8's toStaticHTML function, allowing script execution via a crafted postMessage call. The PoC includes a form to test the bypass and a style block with obfuscated CSS import to trigger the vulnerability.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Internet Explorer 8

No auth needed

Prerequisites: Victim must be using Internet Explorer 8 · Victim must interact with the malicious form

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (7)

Core 7

Core References

Exploit x_refsource_misc

http://www.wooyun.org/bug.php?action=view&id=189

Vendor Advisory vendor-advisory x_refsource_ms

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-071

Exploit mailing-list x_refsource_fulldisc

http://archives.neohapsis.com/archives/fulldisclosure/2010-08/0179.html

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7297

Vendor Advisory vendor-advisory x_refsource_ms

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-072

US Government Resource third-party-advisory x_refsource_cert

http://www.us-cert.gov/cas/techalerts/TA10-285A.html

Vendor Advisory x_refsource_confirm

http://support.avaya.com/css/P8/documents/100113324

Scores

EPSS 0.2502

EPSS Percentile 97.6%

Details

CWE

CWE-79

Status published

Products (6)

microsoft/groove_server 2010

microsoft/internet_explorer 8

microsoft/sharepoint_foundation 2010

microsoft/sharepoint_server 2007 sp2

microsoft/sharepoint_services 3.0 sp2

microsoft/web_apps

Published Sep 17, 2010

Tracked Since Feb 18, 2026