BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to the Zeroday Tracker: Your Vulnerability Watchlist

Microsoft Internet Explorer CSS Clip Attribute Memory Corruption

Disclosed November 3, 2010 - Fully Patched

Vulnerability Description:

Microsoft Internet Explorer contains a vulnerability in its processing of a crafted CSS "clip" attribute that could cause a flag reference to be accessed after an object is deleted. Successful exploitation could allow remote attackers to execute arbitrary code. There are reports of this vulnerability being actively exploited in the wild.

Vendors:

Microsoft

Vulnerable Software/Devices:

Internet Explorer 6, 7, 8

Vulnerability Severity:

High

Exploit Availability:

N/A

Exploit Impact:

Remote Code Execution under the current user's privileges

An attacker may exploit this client-side vulnerability by tricking the user into viewing a malicious website. Once the vulnerability is successfully exploited, the attacker gains the ability to remotely execute arbitrary code with the same permissions as the currently logged-in user. If the user is an administrator, the attacker could install malicious software and further compromise the system.

BeyondTrust Prevention and Detection:

BeyondTrust's Retina® Network Security Scanner scans devices to detect this vulnerability.

  • Retina Audit 13862 - Microsoft Internet Explorer Cumulative Security Update (2416400) - XP
  • Retina Audit 13863 - Microsoft Internet Explorer Cumulative Security Update (2416400) - 2003
  • Retina Audit 13864 - Microsoft Internet Explorer Cumulative Security Update (2416400) - XP/2003 x64
  • Retina Audit 13865 - Microsoft Internet Explorer Cumulative Security Update (2416400) - Vista/2008
  • Retina Audit 13866 - Microsoft Internet Explorer Cumulative Security Update (2416400) - Vista/2008 x64
  • Retina Audit 13867 - Microsoft Internet Explorer Cumulative Security Update (2416400) - 7
  • Retina Audit 13868 - Microsoft Internet Explorer Cumulative Security Update (2416400) - 7/2008R2 x64

Mitigation:

Install the appropriate MS10-090 patch.

CVE(s):

None