Content
(MS09-054) Uninitialized Memory Corruption Vulnerability II (974455)
- Type
- Buffer Overflow
- Impact of exploitation
- Remote Code Execution
- User Interaction
- user interaction is needed
- Attack Vector
- Website with malicious content
- Rating
- Medium
- CVE reference
- CVE-2009-2531,
- Vendor Status
- Responded and patched
- Vulnerable systems
- Windows 2000 SP4,
- Windows XP SP3,
- Windows XP X64 SP2,
- Windows 2003 SP2,
- Windows 2003 x64 SP2,
- Windows Vista SP1,
- Windows 2008,
- Windows 2008 x64,
- Windows Vista SP2,
- Windows 2008 SP2,
- Windows 2008 x64 SP2,
- Internet Explorer 5.01 SP4 Windows 2000 SP4,
- Internet Explorer 5.01,
- Internet Explorer 6 SP1 Windows 2000 SP4,
- Internet Explorer 6 SP1,
- Internet Explorer 6 Microsoft Windows Server 2003 SP1,
- Internet Explorer 6 Windows Server 2003 SP1,
- Internet Explorer 6 Windows Server 2003 SP1 Itanium,
- Internet Explorer 6 Windows Server 2003 SP2,
- Internet Explorer 6 Windows XP Professional X64 Edition SP2,
- Internet Explorer 6 Windows XP SP2,
- Internet Explorer 7,
- Internet Explorer 7 Windows Server 2003 SP2 Itanium,
- Internet Explorer 7 Windows 2000 SP4,
- Internet Explorer 7 Windows Vista SP1,
- Internet Explorer 7 Windows Vista X64 Edition SP1,
- Internet Explorer 7 Windows Server 2008 X64 Edition,
- Internet Explorer 7 Windows Server 2008 X32 Edition,
- Internet Explorer 7 Windows Server 2008 Itanium Edition,
- Internet Explorer 7 Windows XP SP2,
- Internet Explorer 7 Windows XP Professional X64 Edition SP2,
- Internet Explorer 8,
- Summary
- A vulnerability in Microsoft Internet Explorer (object initialization) may allow remote code execution.
Tab Navigation
Description
A vulnerability in Microsoft Internet Explorer (object initialization) may allow remote code execution. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
McAfee Product Mitigation & Recommendations
Recommendations
The vendor has released a patch to address this issue: http://www.microsoft.com/technet/security/bulletin/ms09-054.mspx
McAfee Product Mitigation
McAfee Foundstone
- Signature:
- (MS09-054) Uninitialized Memory Corruption Vulnerability II (974455)
- Signature identifier:
- 7197
- Release date:
- 10/13/2009
McAfee Intrushield
- Signature:
- HTTP: IE Uninitialized Memory Corruption Vulnerability
- Signature identifier:
- 0x4026A200
- Release date:
- 10/13/2009
- First released in:
- 4.1.59, 5.1.29
McAfee Host IPS
- Signature:
- Generic Buffer Overflow Protection
- Signature identifier:
- 428
- Release date:
- 8/24/2000
- First released in:
- 2.0
- Signature:
- (MS09-054) Uninitialized Memory Corruption Vulnerability II (974455)
- Signature identifier:
- 7197
- Release date:
- 10/14/2009
McAfee VirusScan Enterprise 8.0i (VSE8.0i) / Managed Virus Scan (MVS) Buffer Overflow Protection
- Signature:
- Generic Buffer Overflow Protection
McAfee VirusScan Enterprise 8.5i (VSE8.5i) /Total Protection for Small Business (ToPS SB) Buffer Overflow Protection
- Signature:
- Generic Buffer Overflow Protection
- Signature:
- Generic Buffer Overflow Protection
McAfee Anti-Virus protection
Detection for known attack vectors will be provided in 5772 DATs when using gateway products such as SIG, SWG, GS.
- Signature:
- 5772
- Release date:
- 10/14/2009
- First released in:
- Exploit-CVE2009-2531
The V-Flash of 10/14/2009 contains coverage for windows.
- Release date:
- 10/14/2009
Additional Resources
(MS09-054) Uninitialized Memory Corruption Vulnerability II (974455)
http://www.microsoft.com/technet/security/bulletin/ms09-054.mspx
All Information
Timeline -
10/13/2009
Vendor has provided a patch.
Description -
A vulnerability in Microsoft Internet Explorer (object initialization) may allow remote code execution. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
McAfee Product Mitigation & Recommendations
Recommendations -
The vendor has released a patch to address this issue: http://www.microsoft.com/technet/security/bulletin/ms09-054.mspx
McAfee Product Mitigation
McAfee Foundstone
- Signature:
- (MS09-054) Uninitialized Memory Corruption Vulnerability II (974455)
- Signature identifier:
- 7197
- Release date:
- 10/13/2009
McAfee Intrushield
- Signature:
- HTTP: IE Uninitialized Memory Corruption Vulnerability
- Signature identifier:
- 0x4026A200
- Release date:
- 10/13/2009
- First released in:
- 4.1.59, 5.1.29
McAfee Host IPS
- Signature:
- Generic Buffer Overflow Protection
- Signature identifier:
- 428
- Release date:
- 8/24/2000
- First released in:
- 2.0
- Signature:
- (MS09-054) Uninitialized Memory Corruption Vulnerability II (974455)
- Signature identifier:
- 7197
- Release date:
- 10/14/2009
McAfee VirusScan Enterprise 8.0i (VSE8.0i) / Managed Virus Scan (MVS) Buffer Overflow Protection
- Signature:
- Generic Buffer Overflow Protection
McAfee VirusScan Enterprise 8.5i (VSE8.5i) /Total Protection for Small Business (ToPS SB) Buffer Overflow Protection
- Signature:
- Generic Buffer Overflow Protection
- Signature:
- Generic Buffer Overflow Protection
McAfee Anti-Virus protection
Detection for known attack vectors will be provided in 5772 DATs when using gateway products such as SIG, SWG, GS.
- Signature:
- 5772
- Release date:
- 10/14/2009
- First released in:
- Exploit-CVE2009-2531
The V-Flash of 10/14/2009 contains coverage for windows.
- Release date:
- 10/14/2009
Additional Resources
Additional Resources -
(MS09-054) Uninitialized Memory Corruption Vulnerability II (974455)
http://www.microsoft.com/technet/security/bulletin/ms09-054.mspx
