Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:20735
HistoryOct 21, 2008 - 12:00 a.m.

n.runs-SA-2008.008 - Internet Explorer HTML Object Memory Corruption and Remote Code Execution

2008-10-2100:00:00
vulners.com
21
JSON

n.runs AG
http://www.nruns.com/ security(at)nruns.com
n.runs-SA-2008.008 21-October-2008

Vendor: Microsoft
Affected Products: Internet Explorer 6
Internet Explorer 7
Windows XP SP2 & SP3
Windows 2000 SP4
Windows 2003 SP1
Vulnerability: Remote Code execution
Risk: High

Overview

A remote code execution vulnerability exists in Internet Explorer due to
accesses to uninitialized memory in certain cases of DTML constructs. As
a result, memory may be corrupted in such a way that an attacker could
execute arbitrary code in the context of the logged-on user.

Impact

An attacker could exploit the vulnerability by constructing a specially
prepared Website, when a user views the Web page, the vulnerability
could allow remote code execution. An attacker who successfully
exploited this vulnerability could gain the same user rights as the
logged-on user.

Solution

Microsoft has issued an update to correct this vulnerability. More
details can be found at:
http://www.microsoft.com/technet/security/bulletin/MS08-058.mspx

Vendor communication:

2008/07/07   Thierry sends notification to Microsoft
2008/07/07   Acknowledgement and Receipt
2008/10/14   Microsoft publishes

Credits

Vulnerability discovered by Thierry Zoller

About n.runs

n.runs AG is a vendor-independent consulting company specializing in the
areas of: IT Infrastructure, IT Security and IT Business Consulting. In
2007, n.runs expanded its core business area, which until then had been
project based consulting, to include the development of high-end
security solutions. Application Protection System - Anti Virus (aps-AV)
is the first high-end security solution that n.runs is bringing to the
market.

Advisories can be found at : http://www.nruns.com/security_advisory.php

Copyright Notice

Unaltered electronic reproduction of this advisory is permitted. For all
other reproduction or publication, in printing or otherwise, contact
[email protected] for permission. Use of the advisory constitutes
acceptance for use in an "as is" condition. All warranties are excluded.
In no event shall n.runs be liable for any damages whatsoever including
direct, indirect, incidental, consequential, loss of business profits or
special damages, even if n.runs has been advised of the possibility of
such damages.

Copyright n.runs AG. All rights reserved. Terms of use apply.

Subscribe to the n.runs newsletter by signing up to:
http://www.nruns.com/newsletter_en.php

JSON