(MS08-078) Microsoft Internet Pointer Reference Memory Corruption Vulnerability (960714)
- Type: Buffer Overflow
- Impact of exploitation: Remote Code Execution
- User Interaction: User interaction is needed
- Attack Vector: Malicious remote network traffic
- Rating: High
- CVE reference: CVE-2008-4844
- Vendor Status: Responded and patched
- Vulnerable systems: Internet Explorer 7, Internet Explorer 5.0.1 SP4, Internet Explorer 6 SP1, Internet Explorer 8 Beta 2
- Summary: A vulnerability exists in Microsoft Internet Explorer which may allow for remote code execution.
Description
A vulnerability exists in Microsoft Internet Explorer which may allow for remote code execution. The flaw lies in an invalid pointer reference within the data binding function of Microsoft Internet Explorer. By default, data binding is enabled. Under certain conditions, it may be possible to access a deleted object's memory space when objects are released. When this condition occurs, Internet Explorer will exit, leaving it in an exploitable state. A typical attack scenario would involve an attacker constructing a specially crafted web page designed to exploit this vulnerability. Upon exploitation, the attacker would gain rights equivalent to those of the currently logged-in user.
McAfee Product Mitigation & Recommendations
Recommendations
Download and install the patch available from Microsoft (960714): http://www.microsoft.com/technet/security/Bulletin/MS08-078.mspx
McAfee Product Mitigation
McAfee Foundstone
The FSL package of December 9 includes a vulnerability check to assess if your systems are at risk.
- Signature: Microsoft Internet Explorer Nexted XML Code Execution Vulnerability
- Signature identifier: 6301
- Release date: 12/9/2008
The MNAC release of December 10 includes a vulnerability check to assess if your systems are at risk.
- Signature: Microsoft Internet Explorer Nexted XML Code Execution Vulnerability
- Signature identifier: 6301
- Release date: 12/10/2008
Additional Resources
Microsoft Security Advisory (961051) Vulnerability in Internet Explorer Could Allow Remote Code Execution
http://www.microsoft.com/technet/security/advisory/961051.mspx
Microsoft Security Bulletin: Security Update for Internet Explorer (960714)
http://www.microsoft.com/technet/security/bulletin/ms08-078.mspx
Timeline
- 12/17/2008: Vendor has provided a patch.
- 12/15/2008: A proof of concept has been released.
- 12/10/2008: Vendor has provided information on the vulnerability.
- 12/10/2008: A proof of concept has been released.
- 12/9/2008: A proof of concept has been released.