

   VULNERABILITY NOTE

 

CERT-In Vulnerability Note CIVN-2008-191
Microsoft Internet Explorer Data binding Memory Corruption Vulnerability

Original Issue Date: December 15, 2008
Updated: December 18, 2008

Severity Rating: High

Systems Affected

  • Windows Internet Explorer 8 Beta 2
  • Windows Internet Explorer 7
  • Windows Internet Explorer 6.0 SP1 and prior
  • Windows Internet Explorer 5.01 SP4 and prior
  • Windows Server 2008 for Itanium-based Systems
  • Windows Server 2008 for x64-based Systems
  • Windows Server 2008 for 32-bit Systems
  • Windows Vista x64 Edition SP1 and prior
  • Windows Vista SP1 and prior
  • Windows Server 2003 x64 Edition SP2 and prior
  • Windows Server 2003 for Itanium-based Systems SP2 and prior
  • Windows Server 2003 SP2 and prior
  • Windows XP Professional x64 Edition SP2 and prior
  • Windows XP SP3 and prior
  • Microsoft Windows 2000 Service Pack 4

Overview

Microsoft Internet Explorer contains an invalid pointer vulnerability in its data binding code, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.

Description

The vulnerability exists due to an invalid pointer reference in the data binding function of Internet Explorer when it attempts to parse XML tags. When the mshtml.dll library (used for rendering web pages) attempts to process malformed XML objects that are embedded in improperly nested HTML SPAN tags, Internet Explorer could overwrite memory structures.

By convincing a user to view a specially crafted XML document (e.g., a web page, email message or attachment), an attacker may be able to execute arbitrary code with the privileges of the user.

Workarounds

  • Set Internet and Local intranet security zone settings to "High" to prompt before running ActiveX Controls and Active Scripting in these zones
  • Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zones
  • Disable XML Island functionality
  • Restrict Internet Explorer from using OLEDB32.dll with an Integrity Level ACL
  • Disable Row Position functionality of OLEDB32.dll
  • Unregister OLEDB32.DLL
  • Use ACL to disable OLEDB32.DLL
  • Enable DEP for Internet Explorer 7 on Windows Vista and on Windows Server 2008
  • Disable Data Binding support in Internet Explorer 8 Beta 2

    For detailed steps and the impact of applying these workarounds, refer to Microsoft Security Bulletin MS08-078.
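
To confirm that the Active Scripting workaround is in place on a host, the following read-only PowerShell audit reports the setting for the Internet and Local intranet zones. It is an added example, not part of the CERT-In note or the Microsoft bulletin; it assumes the standard Internet Explorer zone registry layout (URL action 1400 is Active Scripting, zone 1 is Local intranet, zone 3 is Internet), and the lookup order shown is a simplification of how IE resolves policy and preference keys.

```powershell
# Added example: audit Active Scripting (URL action 1400) per security zone.
# Read-only; changes nothing on the system.
$ZoneNames   = @{ 1 = 'Local intranet'; 3 = 'Internet' }
$ActionNames = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }
$ZonesSuffix = 'Microsoft\Windows\CurrentVersion\Internet Settings\Zones'

# Assumption: the first location that defines the value is the effective one,
# with policy keys checked before preference keys (simplified precedence).
$Roots = @(
    "HKLM:\SOFTWARE\Policies\$ZonesSuffix",
    "HKCU:\Software\Policies\$ZonesSuffix",
    "HKCU:\Software\$ZonesSuffix",
    "HKLM:\SOFTWARE\$ZonesSuffix"
)

function Get-ActiveScriptingSetting {
    param([Parameter(Mandatory)][int]$Zone)

    foreach ($root in $Roots) {
        $key  = "$root\$Zone"
        $item = Get-ItemProperty -Path $key -Name '1400' -ErrorAction SilentlyContinue
        if ($null -eq $item) { continue }

        $value   = [int]$item.'1400'
        $setting = $ActionNames[$value]
        if ($null -eq $setting) { $setting = "Unknown ($value)" }

        return [pscustomobject]@{
            Zone              = $ZoneNames[$Zone]
            Source            = $key
            Setting           = $setting
            # The workaround asks for Prompt (1) or Disable (3).
            WorkaroundApplied = ($value -eq 1 -or $value -eq 3)
        }
    }

    # Value not defined in any of the checked locations.
    [pscustomobject]@{
        Zone              = $ZoneNames[$Zone]
        Source            = '(not set)'
        Setting           = 'Not configured'
        WorkaroundApplied = $false
    }
}

$ZoneNames.Keys | Sort-Object |
    ForEach-Object { Get-ActiveScriptingSetting -Zone $_ } |
    Format-Table -AutoSize
```

A zone that reports `WorkaroundApplied` as `False` still runs Active Scripting without prompting, or has no explicit setting in the locations checked.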

Solution

Apply the appropriate patches as mentioned in Microsoft Security Bulletin MS08-078.

Vendor Information

Microsoft
http://www.microsoft.com/technet/security/advisory/961051.mspx
http://www.microsoft.com/technet/security/bulletin/ms08-078.mspx

References

Microsoft
http://www.microsoft.com/technet/security/advisory/961051.mspx

Secunia
http://secunia.com/advisories/33089

ISC SANS
http://isc.sans.org/diary.html?storyid=5458

McAfee Avert labs
http://www.avertlabs.com/research/blog/index.php/2008/12/09/yet-another-unpatched-drive-by-exploit-found-on-the-web/

Cisco Security Center
http://tools.cisco.com/security/center/viewAlert.x?alertId=17241

CVE Name
CVE-2008-4844

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.
