(MS09-054) Uninitialized Memory Corruption Vulnerability (974455)

Content

(MS09-054) Uninitialized Memory Corruption Vulnerability (974455)

Type: Logic error
Impact of exploitation: Remote Code Execution
User Interaction: user interaction is needed
Attack Vector: Website with malicious content
Rating: Medium
CVE reference: CVE-2009-2530,
Vendor Status: Responded and patched
Vulnerable systems: Windows 2000 SP4,; Windows XP SP3,; Windows XP X64 SP2,; Windows Xp Tablet Pc SP2,; Windows 2003 SP2,; Windows 2003 x64 SP2,; Windows 2003 Itanium SP2,; Windows Vista SP1,; Windows 2008,; Windows 2008 Itanium,; Windows 2008 x64,; Windows Vista SP2,; Windows 2008 SP2,; Windows 2008 Itanium SP2,; Windows 2008 x64 SP2,; Windows 7,; Windows 7 x64,; Windows 7 Itanium,; Internet Explorer 5.01 SP4 Windows 2000 SP4,; Internet Explorer 5.01,; Internet Explorer 6 SP1 Windows 2000 SP4,; Internet Explorer 6 SP1,; Internet Explorer 6 Microsoft Windows Server 2003 SP1,; Internet Explorer 6 Windows Server 2003 SP1,; Internet Explorer 6 Windows Server 2003 SP1 Itanium,; Internet Explorer 6 Windows Server 2003 SP2,; Internet Explorer 6 Windows XP Professional X64 Edition SP2,; Internet Explorer 6 Windows XP SP2,; Internet Explorer 7,; Internet Explorer 7 Windows Server 2003 SP2 Itanium,; Internet Explorer 7 Windows 2000 SP4,; Internet Explorer 7 Windows Vista SP1,; Internet Explorer 7 Windows Vista X64 Edition SP1,; Internet Explorer 7 Windows Server 2008 X64 Edition,; Internet Explorer 7 Windows Server 2008 X32 Edition,; Internet Explorer 7 Windows Server 2008 Itanium Edition,; Internet Explorer 7 Windows XP SP2,; Internet Explorer 7 Windows XP Professional X64 Edition SP2,; Internet Explorer 8,
Summary: A vulnerability in Microsoft Internet Explorer (object initialization) may allow remote code execution.

Tab Navigation

Description

A vulnerability in Microsoft Internet Explorer (object initialization) may allow remote code execution. . An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights

McAfee Product Mitigation & Recommendations

Recommendations

The vendor has released a patch to address this issue: http://www.microsoft.com/technet/security/bulletin/ms09-054.mspx

McAfee Product Mitigation

McAfee Foundstone

Signature:: (MS09-054) Uninitialized Memory Corruption Vulnerability (974455)
Signature identifier:: 7195
Release date:: 10/13/2009

McAfee Intrushield

Signature:: HTTP: Microsoft Uninitialized Memory Corruption Vulnerability III
Signature identifier:: 0x40268B00
Release date:: 10/13/2009
First released in:: 4.1.59, 5.1.29

McAfee Host IPS

Signature:: Generic Buffer Overflow Protection
Signature identifier:: 428
Release date:: 8/24/2000
First released in:: 2.0

Signature:: (MS09-054) Uninitialized Memory Corruption Vulnerability (974455)
Signature identifier:: 7195
Release date:: 10/14/2009

McAfee VirusScan Enterprise 8.0i (VSE8.0i) / Managed Virus Scan (MVS) Buffer Overflow Protection

Signature:: Generic Buffer Overflow Protection

McAfee VirusScan Enterprise 8.5i (VSE8.5i) /Total Protection for Small Business (ToPS SB) Buffer Overflow Protection

Signature:: Generic Buffer Overflow Protection

Signature:: Generic Buffer Overflow Protection

McAfee Anti-Virus protection

Detection for known attack vectors will be provided in 5772 DATs when using gateway products such as SIG, SWG, GS.

Signature:: 5772
Release date:: 10/14/2009
First released in:: Exploit-CVE2009-2530

The V-Flash of 10/14/2009 contains coverage for windows.

Release date:: 10/14/2009

Additional Resources

(MS09-054) Uninitialized Memory Corruption Vulnerability (974455)

http://www.microsoft.com/technet/security/bulletin/ms09-054.mspx

All Information

Timeline -

10/13/2009

Vendor has provided a patch.

Description -

McAfee Product Mitigation & Recommendations

Recommendations -

The vendor has released a patch to address this issue: http://www.microsoft.com/technet/security/bulletin/ms09-054.mspx

McAfee Product Mitigation

McAfee Foundstone

Signature:: (MS09-054) Uninitialized Memory Corruption Vulnerability (974455)
Signature identifier:: 7195
Release date:: 10/13/2009

McAfee Intrushield

Signature:: HTTP: Microsoft Uninitialized Memory Corruption Vulnerability III
Signature identifier:: 0x40268B00
Release date:: 10/13/2009
First released in:: 4.1.59, 5.1.29

McAfee Host IPS

Signature:: Generic Buffer Overflow Protection
Signature identifier:: 428
Release date:: 8/24/2000
First released in:: 2.0

Signature:: (MS09-054) Uninitialized Memory Corruption Vulnerability (974455)
Signature identifier:: 7195
Release date:: 10/14/2009

McAfee VirusScan Enterprise 8.0i (VSE8.0i) / Managed Virus Scan (MVS) Buffer Overflow Protection

Signature:: Generic Buffer Overflow Protection

McAfee VirusScan Enterprise 8.5i (VSE8.5i) /Total Protection for Small Business (ToPS SB) Buffer Overflow Protection

Signature:: Generic Buffer Overflow Protection

Signature:: Generic Buffer Overflow Protection

McAfee Anti-Virus protection

Detection for known attack vectors will be provided in 5772 DATs when using gateway products such as SIG, SWG, GS.

Signature:: 5772
Release date:: 10/14/2009
First released in:: Exploit-CVE2009-2530

The V-Flash of 10/14/2009 contains coverage for windows.

Release date:: 10/14/2009

Additional Resources

Additional Resources -

(MS09-054) Uninitialized Memory Corruption Vulnerability (974455)

http://www.microsoft.com/technet/security/bulletin/ms09-054.mspx

McAfee > Theat Center > Vulnerability Detail Page

Navigation

Utility Navigation

Content