Content

(MS10-018) Microsoft Internet Explorer Uninitialized Memory Corruption Vulnerability III (980182)

Type
Logic error
Impact of exploitation
Remote Code Execution
User Interaction
user interaction is needed
Attack Vector
Website or e-mail with malicious content
Rating
High
CVE reference
CVE-2010-0806,
Vendor Status
Responded and patched
Vulnerable systems
Internet Explorer  6 SP1 Windows 2000 SP4,
Internet Explorer  6 SP1,
Internet Explorer  6 Microsoft Windows Server 2003 SP1,
Internet Explorer  6 Windows Server 2003 SP1,
Internet Explorer  6 Windows Server 2003 SP1 Itanium,
Internet Explorer  6 Windows Server 2003 SP2,
Internet Explorer  6 Windows XP Professional X64 Edition SP2,
Internet Explorer  6 Windows XP SP2,
Internet Explorer  7,
Internet Explorer  7 Windows Server 2003 SP2 Itanium,
Internet Explorer  7 Windows 2000 SP4,
Internet Explorer  7 Windows Vista SP1,
Internet Explorer  7 Windows Vista X64 Edition SP1,
Internet Explorer  7 Windows Server 2008 X64 Edition,
Internet Explorer  7 Windows Server 2008 X32 Edition,
Internet Explorer  7 Windows Server 2008 Itanium Edition,
Internet Explorer  7 Windows XP SP2,
Internet Explorer  7 Windows XP Professional X64 Edition SP2,
Summary
A code execution vulnerability is present in some versions of Microsoft Internet Explorer.

Tab Navigation

Description

A code execution vulnerability is present in some versions of Microsoft Internet Explorer. The flaw can occur upon processing objects which have not been correctly initialized or have been deleted. Exploitation can occur via a specially crafted web page, or email message containing a malicious link. Upon successful exploitation, an attacker may gain full control of a compromised host. The vendor (Microsoft) has reported that functional, targeted, attacks have been observed.

McAfee Product Mitigation & Recommendations

Recommendations

The vendor has released an update to address this issue: http://www.microsoft.com/technet/security/Bulletin/MS10-018.mspx

McAfee Product Mitigation

McAfee Foundstone
Signature:
(MS10-018) Microsoft Internet Explorer Uninitialized Memory Corruption Vulnerability III (980182)
Signature identifier:
8115
Release date:
3/9/2010
McAfee Intrushield
Signature:
HTTP: Microsoft Internet Explorer Code Execution Vulnerability
Signature identifier:
1076361984
Release date:
3/9/2010
First released in:
4.1.69, 5.1.39
McAfee Intrushield
Signature:
HTTP: Microsoft Internet Explorer Code Execution Vulnerability Exploits/Malware Detected
Signature identifier:
0x4027FE00
Release date:
3/10/2010
First released in:
UDS
McAfee Anti-Virus protection

Coverage is provided as BackDoor-EMN in the 5916 DATs, released March 10.

Signature:
DATs
Signature identifier:
5916
Release date:
3/10/2010
First released in:
BackDoor-EMN
McAfee Anti-Virus protection

Coverage is provided as Exploit-CVE-2010-0806 in the 5916 DATs, released March 10.

Signature:
DATs
Signature identifier:
5916
Release date:
3/10/2010
First released in:
Exploit-CVE-2010-0806

Additional Resources

Microsoft Security Advisory (981374) Vulnerability in Internet Explorer Could Allow Remote Code Execution

http://www.microsoft.com/technet/security/advisory/981374.mspx

Microsoft Security Bulletin Advance Notification for March 2010

http://www.microsoft.com/technet/security/bulletin/ms10-mar.mspx

Microsoft Security Bulletin MS10-018 - Critical Cumulative Security Update for Internet Explorer (980182)

http://www.microsoft.com/technet/security/Bulletin/MS10-018.mspx

All Information

Timeline -

4/8/2010

Exploit code has been released.

3/30/2010

Vendor has provided a patch.

3/29/2010

Vendor has provided information on the vulnerability.

3/10/2010

A proof of concept has been released.

3/9/2010

Vendor has provided information on the vulnerability.

Description -

A code execution vulnerability is present in some versions of Microsoft Internet Explorer. The flaw can occur upon processing objects which have not been correctly initialized or have been deleted. Exploitation can occur via a specially crafted web page, or email message containing a malicious link. Upon successful exploitation, an attacker may gain full control of a compromised host. The vendor (Microsoft) has reported that functional, targeted, attacks have been observed.

McAfee Product Mitigation & Recommendations

Recommendations -

The vendor has released an update to address this issue: http://www.microsoft.com/technet/security/Bulletin/MS10-018.mspx

McAfee Product Mitigation

McAfee Foundstone
Signature:
(MS10-018) Microsoft Internet Explorer Uninitialized Memory Corruption Vulnerability III (980182)
Signature identifier:
8115
Release date:
3/9/2010
McAfee Intrushield
Signature:
HTTP: Microsoft Internet Explorer Code Execution Vulnerability
Signature identifier:
1076361984
Release date:
3/9/2010
First released in:
4.1.69, 5.1.39
McAfee Intrushield
Signature:
HTTP: Microsoft Internet Explorer Code Execution Vulnerability Exploits/Malware Detected
Signature identifier:
0x4027FE00
Release date:
3/10/2010
First released in:
UDS
McAfee Anti-Virus protection

Coverage is provided as BackDoor-EMN in the 5916 DATs, released March 10.

Signature:
DATs
Signature identifier:
5916
Release date:
3/10/2010
First released in:
BackDoor-EMN
McAfee Anti-Virus protection

Coverage is provided as Exploit-CVE-2010-0806 in the 5916 DATs, released March 10.

Signature:
DATs
Signature identifier:
5916
Release date:
3/10/2010
First released in:
Exploit-CVE-2010-0806

Additional Resources

Additional Resources -

Microsoft Security Advisory (981374) Vulnerability in Internet Explorer Could Allow Remote Code Execution

http://www.microsoft.com/technet/security/advisory/981374.mspx

Microsoft Security Bulletin Advance Notification for March 2010

http://www.microsoft.com/technet/security/bulletin/ms10-mar.mspx

Microsoft Security Bulletin MS10-018 - Critical Cumulative Security Update for Internet Explorer (980182)

http://www.microsoft.com/technet/security/Bulletin/MS10-018.mspx