CVE-2010-3971

This Metasploit module exploits a use-after-free vulnerability in Internet Explorer's CSS recursive import handling (CVE-2010-3971) to achieve remote code execution. It leverages heap spraying and ROP techniques with .NET 2.0's mscorie.dll to bypass DEP and ASLR.

This exploit targets a vulnerability in Internet Explorer (CVE-2010-3971) using a heap spray technique to achieve remote code execution. It serves malicious HTML and CSS content via a TCP server to trigger the vulnerability and execute arbitrary shellcode (calc.exe in this case).

This exploit leverages a CSS import recursion vulnerability in Internet Explorer to cause a denial-of-service (DoS) condition. The recursive @import rules in the CSS file trigger a stack overflow, crashing the browser.

This repository contains a functional exploit PoC for CVE-2010-3971, targeting a vulnerability in Internet Explorer's mshtml.dll. The code hooks the CStyleSheet::Notify function to demonstrate exploitation, likely leading to remote code execution.

This Metasploit module exploits a use-after-free vulnerability in Microsoft Internet Explorer (CVE-2010-3971) by leveraging recursive CSS imports to corrupt memory, achieving arbitrary code execution via heap spraying and ROP chains targeting mscorie.dll to bypass DEP/ASLR.