Content
(MS11-027) Microsoft Microsoft Internet Explorer 8 Developer Tools Remote Code Execution (2508272)
- Type
- Logic error
- Impact of exploitation
- Remote Code Execution
- User Interaction
- no user interaction is needed
- Attack Vector
- Website with malicious content
- Rating
- High
- CVE reference
- CVE-2010-0811,
- Vendor Status
- Responded and patched
- Vulnerable systems
- Windows XP SP3,
- Windows Vista SP1,
- Windows 2003 SP2,
- Windows 2000 SP4,
- Windows 2008,
- Windows Vista SP2,
- Windows 2008 SP2,
- Windows 2008 Itanium SP2,
- Windows Vista SP1,
- Windows 7,
- Windows 7 x64,
- IE Developer Tools 8,
- Summary
- A vulnerability exists in Microsoft Windows Internet Explorer 8 Developer Tools that could allow an attacker to gain elevated privileges.
Tab Navigation
Description
A vulnerability exists in Microsoft Windows Internet Explorer 8 Developer Tools that could allow an attacker to gain elevated privileges. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
McAfee Product Mitigation & Recommendations
Recommendations
The vendor has released an update to address this issue http://www.microsoft.com/technet/security/bulletin/ms11-027.mspx
McAfee Product Mitigation
McAfee Foundstone
- Signature:
- (MS11-027) Microsoft Microsoft Internet Explorer 8 Developer Tools Remote Code Execution (2508272)
- Signature identifier:
- 9085
- Release date:
- 6/8/2010
Additional Resources
(MS10-034) Microsoft Internet Explorer 8 Developer Tools Vulnerability (980195)
http://www.microsoft.com/technet/security/bulletin/MS10-034.mspx
Microsoft Security Bulletin MS11-027 - Critical Cumulative Security Update of ActiveX Kill Bits (2508272)
http://www.microsoft.com/technet/security/bulletin/ms11-027.mspx
All Information
Timeline -
4/12/2011
Vendor has provided a patch.
6/8/2010
Vendor has provided a patch.
Description -
A vulnerability exists in Microsoft Windows Internet Explorer 8 Developer Tools that could allow an attacker to gain elevated privileges. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
McAfee Product Mitigation & Recommendations
Recommendations -
The vendor has released an update to address this issue http://www.microsoft.com/technet/security/bulletin/ms11-027.mspx
McAfee Product Mitigation
McAfee Foundstone
- Signature:
- (MS11-027) Microsoft Microsoft Internet Explorer 8 Developer Tools Remote Code Execution (2508272)
- Signature identifier:
- 9085
- Release date:
- 6/8/2010
Additional Resources
Additional Resources -
(MS10-034) Microsoft Internet Explorer 8 Developer Tools Vulnerability (980195)
http://www.microsoft.com/technet/security/bulletin/MS10-034.mspx
Microsoft Security Bulletin MS11-027 - Critical Cumulative Security Update of ActiveX Kill Bits (2508272)
http://www.microsoft.com/technet/security/bulletin/ms11-027.mspx