BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to the Zeroday Tracker: Your Vulnerability Watchlist

Internet Explorer CSS Import Rule Use-After-Free

Disclosed November 29, 2010    Fully Patched

Vulnerability Description:

Microsoft Internet Explorer contains a use-after-free vulnerability when handling web content containing a crafted sequence of CSS import rules (i.e. @import). Successful exploitation could allow remote execution of arbitrary code.

Vendors:

Microsoft

Vulnerable Software/Devices:

Internet Explorer 8 and possibly other versions

Vulnerability Severity:

High

Exploit Availability:

N/A

BeyondTrust Prevention and Detection:

  • BeyondTrust's Retina® Network Security Scanner scans devices to detect this vulnerability.
    • Retina Audit ID 14101 - Microsoft Internet Explorer Cumulative Security Update (2482017) - XP
    • Retina Audit ID 14102 - Microsoft Internet Explorer Cumulative Security Update (2482017) - 2003
    • Retina Audit ID 14103 - Microsoft Internet Explorer Cumulative Security Update (2482017) - XP/2003 x64
    • Retina Audit ID 14104 - Microsoft Internet Explorer Cumulative Security Update (2482017) - Vista/2008
    • Retina Audit ID 14105 - Microsoft Internet Explorer Cumulative Security Update (2482017) - Vista/2008 x64
    • Retina Audit ID 14106 - Microsoft Internet Explorer Cumulative Security Update (2482017) - 7
    • Retina Audit ID 14107 - Microsoft Internet Explorer Cumulative Security Update (2482017) - 7/2008R2 x64

Mitigation:

Apply the appropriate patch from MS11-003.

Links:

CVE(s):

None
