SecPod ID: 10091

Microsoft Internet Explorer Multiple Vulnerabilities

Status: Public Report

Release Date: 10-12-2008

Severity: High

CVSS Base Score: 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C)

CVSS Temporal Score = 6.9  

Affected Software/OS/Device:

Microsoft Internet Explorer 5.01/6.x/7.x

Impact Level: Application

OpenVAS Plugin ID: 900062

Snort Signature ID:

OVAL ID:

Vulnerability Insight:

Overview:

Microsoft Internet Explorer is prone to Multiple Vulnerabilities.

Description:

Multiple flaws are due to

- Error when handling parameters passed to unspecified navigation methods

  which can cause memory corruption through a specially crafted web page.

- unspecified error when handling HTML objects whcih can be exploited to

  dereference uninitialized memory and memory corruption through a specially

  crafted web page.

- Unspecified use-after-free error which can cause memory corruption through

  a specially crafter web page.

- Error when unexpected data is encountered while embedding an object into

  a page which can cause memory corruption.

Impact :

Successful exploitation will let the attacker execute arbitrary codes in the

context of the affected browser.

CVSS Score Report:    

    ACCESS_VECTOR = NETWORK
    ACCESS_COMPLEXITY = LOW
    AUTHENTICATION = NOT_REQUIRED
    CONFIDENTIALITY_IMPACT = PARTIAL
    INTEGRITY_IMPACT = COMPLETE
    AVAILABILITY_IMPACT = COMPLETE
    EXPLOITABILITY = UNPROVEN
    REMEDIATION_LEVEL = OFFICIAL_FIX
    REPORT_CONFIDENCE = CONFIRMED
    CVSS Base Score = 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C)
    CVSS Temporal Score = 6.9
    Risk factor = High

Fix:

Apply the security patches.
http://www.microsoft.com/technet/security/Bulletin/MS08-073.mspx

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4258
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4260
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4261

Home          Corporate          Resources          Report Security Bug          Diary