SecPod ID: 10094

Microsoft Internet Explorer XML Parsing Code Execution Vulnerability

Status: Public Report

Release Date: 10-13-2008

Severity: Critical

CVSS Base Score: 10.0 (AV:N/AC:L/Au:NR/C:C/I:C/A:C)

CVSS Temporal Score = 10.0 

Affected Software/OS/Device:

- Microsoft Internet Explorer 7
- Microsoft Internet Explorer 5.01
- Microsoft Internet Explorer 6
- Microsoft Internet Explorer 8 Beta 2

Impact Level: System

OpenVAS Plugin ID: 900066

Snort Signature ID:

OVAL ID:

Vulnerability Insight:

Overview:

Microsoft Internet Explorer is vulnerable to remote code execution.

Description:

The vulnerability exists as an invalid pointer reference in the data binding function of Internet Explorer. When data binding is enabled, it is possible for an object to be released without updating the array length, leaving the potential to access the deleted object's memory space.

Impact :

Successful exploitation will let the attacker execute arbitrary codes by tricking the
user into visiting a malicious web page.

CVSS Score Report:    

    ACCESS_VECTOR = NETWORK
    ACCESS_COMPLEXITY = LOW
    AUTHENTICATION = NOT_REQUIRED
    CONFIDENTIALITY_IMPACT = COMPLETE
    INTEGRITY_IMPACT = COMPLETE
    AVAILABILITY_IMPACT = COMPLETE
    EXPLOITABILITY = HIGH
    REMEDIATION_LEVEL = UNAVAILABLE
    REPORT_CONFIDENCE = CONFIRMED
    CVSS Base Score = 10.0 (AV:N/AC:L/Au:NR/C:C/I:C/A:C)
    CVSS Temporal Score = 10.0
    Risk factor = Critical

Fix:

Solution/Patch not available as on 17th December 2008. For further updates refer,
http://www.microsoft.com/technet/security/advisory/961051.mspx

References:
http://www.milw0rm.com/exploits/7410
http://isc.sans.org/diary.html?storyid=5458

Home          Corporate          Resources          Report Security Bug          Diary