Content
(MS09-019) Microsoft Internet Explorer HTML Objects Memory Corruption Vulnerability III (969897)
- Type
- Logic error
- Impact of exploitation
- Remote Code Execution
- User Interaction
- user interaction is needed
- Attack Vector
- Website with malicious content
- Rating
- Medium
- CVE reference
- CVE-2009-1532,
- Vendor Status
- Responded and patched
- Vulnerable systems
- Internet Explorer 8,
- Summary
- A vulnerability in Microsoft Internet Explorer may allow for remote code execution attacks.
Tab Navigation
Description
A vulnerability in Microsoft Internet Explorer may allow for remote code execution attacks. The flaw is specific to the method in which Internet Explorer access objects which have not been correctly initialized, or have been deleted. Under these conditions, system memory can become corrupted, allowing an attacker to execute arbitrary code. Exploitation can be achieved via a specially-crafted web page designed to target this issue.
McAfee Product Mitigation & Recommendations
Recommendations
The vendor has released a patch to address this issue: http://www.microsoft.com/technet/security/bulletin/ms09-019.mspx
McAfee Product Mitigation
McAfee Foundstone
- Signature:
- (MS09-019) Microsoft Internet Explorer HTML Objects Memory Corruption Vulnerability III (969897)
- Signature identifier:
- 6749
- Release date:
- 6/9/2009
McAfee Intrushield
- Signature:
- HTTP: Microsoft IE HTML Objects Memory Corruption Vulnerability III
- Signature identifier:
- 0x40261100
- Release date:
- 6/9/2009
- First released in:
- 4.1.51, 5.1.21
The Remedy V-Flash of 06/09/2009 will contain remedies for this issue. Windows Server 2008 is not supported.
- Release date:
- 6/10/2009
Additional Resources
Cumulative Security Update for Internet Explorer (969897)
http://www.microsoft.com/technet/security/bulletin/ms09-019.mspx
All Information
Timeline -
6/9/2009
Vendor has provided a patch.
Description -
A vulnerability in Microsoft Internet Explorer may allow for remote code execution attacks. The flaw is specific to the method in which Internet Explorer access objects which have not been correctly initialized, or have been deleted. Under these conditions, system memory can become corrupted, allowing an attacker to execute arbitrary code. Exploitation can be achieved via a specially-crafted web page designed to target this issue.
McAfee Product Mitigation & Recommendations
Recommendations -
The vendor has released a patch to address this issue: http://www.microsoft.com/technet/security/bulletin/ms09-019.mspx
McAfee Product Mitigation
McAfee Foundstone
- Signature:
- (MS09-019) Microsoft Internet Explorer HTML Objects Memory Corruption Vulnerability III (969897)
- Signature identifier:
- 6749
- Release date:
- 6/9/2009
McAfee Intrushield
- Signature:
- HTTP: Microsoft IE HTML Objects Memory Corruption Vulnerability III
- Signature identifier:
- 0x40261100
- Release date:
- 6/9/2009
- First released in:
- 4.1.51, 5.1.21
The Remedy V-Flash of 06/09/2009 will contain remedies for this issue. Windows Server 2008 is not supported.
- Release date:
- 6/10/2009
Additional Resources
Additional Resources -
Cumulative Security Update for Internet Explorer (969897)
http://www.microsoft.com/technet/security/bulletin/ms09-019.mspx
