CERT-In Vulnerability Note CIVN-2008-125
Multiple Remote Code Execution Vulnerabilities in Microsoft Internet Explorer

Original Issue Date: August 14, 2008

Severity Rating: High

Systems Affected

• Microsoft Windows XP Service Pack 3
• Microsoft Windows XP Professional x64 Edition and with Service Pack 2
• Microsoft Windows 2000 Service Pack 4
• Microsoft Windows Server 2003 Service Pack 1 and with Service Pack 2
• Microsoft Windows Server 2003 x64 Edition and width Service Pack 2
• Microsoft Windows Server 2003 with SP1 for Itanium-based Systems and with SP2.
• Microsoft Windows XP Service Pack 2 and Service Pack 3
• Microsoft Windows XP Professional x64 Edition and with Service Pack 2
• Microsoft Windows Server 2003 Service Pack 1 and service Pack 2
• Microsoft Windows Server 2003 x64 Edition and Service Pack 2
• Microsoft Windows Server 2003 with SP1 for Itanium-based Systems and with SP2.
• Microsoft Windows Vista and Windows Vista Service Pack 1
• Microsoft Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1
• Microsoft Windows Server 2008 for 32-bit Systems
• Microsoft Windows Server 2008 for x64-based Systems
• Microsoft Windows Server 2008 for Itanium-based Systems

Components Affected

• Internet Explorer 5.01 and
• Internet Explorer 6 and with Service Pack 1
• Internet Explorer 7

Overview

Multiple Memory corruption vulnerabilities have been reported in Microsoft Internet Explorer that could be exploited by a remote attacker to take the control of the affected system in the context of logged in user.

Description

1. HTML Objects Memory Corruption Vulnerability
    (CVE-2008-2254)

A remote code execution vulnerability exists in Internet Explorer while accessing uninitialized memory in certain situations.

2. HTML Objects Memory Corruption Vulnerability
    (CVE-2008-2255)

A remote code execution vulnerability exists in Internet Explorer while accessing uninitialized memory in certain situations.

3.  HTML Uninitialized Memory Corruption Vulnerability
     (CVE-2008-2256)

4.  HTML Objects Memory Corruption Vulnerability
     (CVE-2008-2257 , CVE-2008-2258)

5.  HTML Component Handling Vulnerability (CVE-2008-2259)

A remote code execution vulnerability exists in Internet Explorer due to improper validations in print preview.

Workarounds

• Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone.
• Set Internet and Local intranet security zone settings to "High" to prompt before running ActiveX Controls and Active Scripting in these zones.
• Read e-mail messages in plain text format using Microsoft Outlook 2002 or a later version, or Outlook Express 6 SP1 or a later version, to protect from the HTML e-mail attack vector.

Solution

Apply appropriate patches as mentioned in Microsoft Security Bulletin MS08-045


Vendor Information

Microsoft
http://www.microsoft.com/technet/security/Bulletin/MS08-045.mspx

References

Zero-Day
http://www.zerodayinitiative.com/advisories/ZDI-08-051/

FrSIRT
http://www.frsirt.com/english/advisories/2008/2349

Secunia
http://secunia.com/advisories/31375

SecurityFocus
http://www.securityfocus.com/bid/28136/info

SecurityTracker
http://securitytracker.com/alerts/2008/Aug/1020674.html

CVE Name
CVE-2008-2254
CVE-2008-2255
CVE-2008-2256
CVE-2008-2257
CVE-2008-2258
CVE-2008-2259

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information

Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003