
CERT-In Vulnerability Note CIVN-2010-103
Memory Corruption Vulnerability in Microsoft Internet Explorer

Original Issue Date: March 30, 2010

Severity Rating: High

System Affected

  • Microsoft Windows 2000 SP4
  • Windows XP SP2 and Windows XP SP3
  • Windows XP Professional x64 Edition SP2
  • Windows Server 2003 SP2
  • Windows Server 2003 x64 Edition SP2
  • Windows Server 2003 with SP2 for Itanium-based Systems
  • Windows Vista, Windows Vista SP1 and SP2
  • Windows Vista x64 Edition SP1 and SP2
  • Windows Server 2008 for 32-bit Systems and SP2
  • Windows Server 2008 for Itanium-based Systems and SP2

Affected Components

  • Microsoft Internet Explorer 5
  • Microsoft Internet Explorer 6
  • Microsoft Internet Explorer 7

Overview

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. Successful exploitation of this vulnerability could allow an attacker to execute code remotely and take complete control of the affected system in the context of the logged-in user.

Description

A memory corruption vulnerability has been reported in Microsoft Internet Explorer while handling certain objects. An attacker could exploit this vulnerability by creating a specially crafted web page containing an ActiveX control marked "safe for initialization" that hosts the Internet Explorer rendering engine, and persuading a user to open the crafted page. When Internet Explorer attempts to access this object, it corrupts memory due to a race condition. Successful exploitation of this vulnerability could allow a remote attacker to execute code and take control of the vulnerable system in the context of the logged-in user.

Workarounds

  • Enable or disable ActiveX Controls in Office 2007
  • Set Internet and Local intranet security zone settings to "High" to block ActiveX Controls and Active Scripting in these zones
  • Add sites that you trust to the Internet Explorer Trusted sites zone
  • Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone
  • Do not open unexpected files
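
To check whether the zone workarounds above are actually in place on a host, the following added example (not part of the CERT-In note or the Microsoft bulletin) audits the decoded text of a `reg export` of the Internet Explorer zone settings. The registry layout, zone numbers, action IDs and value meanings are assumptions listed in the code comments, and the sample export is constructed.

```python
import re

# Assumptions (not stated in the advisory): IE keeps per-zone settings as
# DWORDs under ...\Internet Settings\Zones\<n>; zone 1 = Local intranet,
# zone 3 = Internet; action 1200 = run ActiveX controls and plug-ins,
# action 1400 = Active Scripting; value 0 = enable, 1 = prompt, 3 = disable.
ZONES = {"1": "Local intranet", "3": "Internet"}
ACTIONS = {"1200": "ActiveX controls", "1400": "Active Scripting"}
# Workarounds: ActiveX blocked; Active Scripting prompted or disabled.
ACCEPTABLE = {"1200": {3}, "1400": {1, 3}}
STATES = {0: "enabled", 1: "prompt", 3: "disabled"}

KEY_RE = re.compile(r"^\[.*\\Internet Settings\\Zones\\(\d)\]$", re.I)
VAL_RE = re.compile(r'^"(\d{4})"=dword:([0-9a-f]{8})$', re.I)

def parse_zone_export(text):
    """Parse decoded `reg export` text into {zone: {action: value}}."""
    zones, current = {}, None
    for line in map(str.strip, text.splitlines()):
        key = KEY_RE.match(line)
        if key:
            current = zones.setdefault(key.group(1), {})
        elif line.startswith("["):
            current = None  # a key outside the zone settings
        elif current is not None and (val := VAL_RE.match(line)):
            current[val.group(1)] = int(val.group(2), 16)
    return zones

def audit(text):
    """Return (zone, setting, state) for each setting weaker than the workarounds."""
    zones = parse_zone_export(text)
    findings = []
    for zone, zone_name in ZONES.items():
        for action, ok in ACCEPTABLE.items():
            value = zones.get(zone, {}).get(action)  # None when never set
            if value not in ok:
                state = "not set" if value is None else STATES.get(value, hex(value))
                findings.append((zone_name, ACTIONS[action], state))
    return findings

# Constructed sample export, not taken from a real host.
SAMPLE = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1]
"1200"=dword:00000000
"1400"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1200"=dword:00000003
"1400"=dword:00000003
"""
```

Calling audit(SAMPLE) reports the Local intranet zone, where ActiveX controls are still enabled. A per-user export does not reflect settings enforced by policy, so check those separately.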

Solution

Apply appropriate updates as mentioned in the Microsoft Security Bulletin MS10-018

Vendor Information

Microsoft
http://www.microsoft.com/technet/security/bulletin/ms10-018.mspx

References

Microsoft
http://www.microsoft.com/technet/security/bulletin/ms10-018.mspx

VUPEN
http://www.vupen.com/english/advisories/2010/0744

AusCert
http://www.auscert.org.au/render.html?it=12576

McAfee
http://vil.nai.com/vil/Content/v_vul50944.htm

CVE Name
CVE-2010-0489

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003