Microsoft has issued an advisory for an unpatched vulnerability affecting all versions of Internet Explorer on all platforms. The vulnerability could allow a malicious web page to trigger a denial of service or remote code execution in the context of the IE user. Exploit code for the vulnerability has been published, but there are not yet any reports of active exploits in the wild.
The vulnerability is of a type known as “use-after-free” and is in the CSharedStyleSheet::Notify function in the CSS parser in mshtml.dll. Multiple @import calls in the attack document trigger the vulnerability. It was first reported by wooyun.org.
The exploit bypasses ASLR (Address Space Layout Randomization) and DEP (Data Execution Prevention) by taking advantage of a library it loads (mscorie.dll) which was not compiled with the /DYNAMICBASE option that enables ASLR, and therefore loads predictably at the same address. Microsoft doesn’t say why this library, and apparently others, weren’t compiled with this option, but suggests that you use its Enhanced Mitigation Experience Toolkit (EMET) to force all loaded DLLs to dynamically rebase. This change should make the exploits highly unlikely to succeed. This video demonstrates the process.
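Whether a DLL opted in to ASLR and DEP is recorded in its PE header, so a defender can audit the modules a process loads before relying on EMET. The following is an added example, not code from the post or from Microsoft: it reads the DllCharacteristics field of a PE image and reports the /DYNAMICBASE and /NXCOMPAT flags, using a constructed minimal header as sample input (the module names are hypothetical).

```python
import struct

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040  # set by /DYNAMICBASE: image may be rebased (ASLR)
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100     # set by /NXCOMPAT: image is DEP-compatible


def pe_mitigations(data: bytes) -> dict:
    """Return which ASLR/DEP opt-in flags a PE image carries.

    Only the headers are parsed: the 'MZ' DOS header gives e_lfanew, the
    'PE\\0\\0' signature follows, then the 20-byte COFF header, then the
    optional header whose DllCharacteristics field sits at offset 70 in
    both PE32 and PE32+ layouts.
    """
    if data[:2] != b"MZ":
        raise ValueError("not a PE image: missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image: missing PE signature")
    coff = e_lfanew + 4
    size_of_optional = struct.unpack_from("<H", data, coff + 16)[0]
    if size_of_optional < 72:
        raise ValueError("optional header too short to carry DllCharacteristics")
    optional = coff + 20
    magic = struct.unpack_from("<H", data, optional)[0]
    if magic not in (0x10B, 0x20B):  # PE32 / PE32+
        raise ValueError("unknown optional header magic 0x%x" % magic)
    dll_chars = struct.unpack_from("<H", data, optional + 70)[0]
    return {
        "aslr": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE),
        "dep": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_NX_COMPAT),
    }


def modules_without_aslr(modules: dict) -> list:
    """Names of images (name -> bytes) lacking /DYNAMICBASE, i.e. loaded at a fixed address."""
    return sorted(name for name, data in modules.items() if not pe_mitigations(data)["aslr"])


def build_sample_pe(dll_characteristics: int) -> bytes:
    """Constructed minimal PE32 header (not a real DLL) used only to exercise the parser."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    # COFF: i386, no sections, 224-byte optional header, Characteristics = executable|32-bit|DLL
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x2102)
    optional = bytearray(224)
    struct.pack_into("<H", optional, 0, 0x10B)   # PE32 magic
    struct.pack_into("<H", optional, 70, dll_characteristics)
    return dos + b"PE\0\0" + coff + bytes(optional)


if __name__ == "__main__":
    loaded = {"rebased.dll": build_sample_pe(0x0140), "fixed.dll": build_sample_pe(0x0100)}
    print("modules without ASLR:", modules_without_aslr(loaded))
```

Feeding `open(path, "rb").read()` of a real DLL to `pe_mitigations` gives the same answer for any image on disk.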
Microsoft also stresses that protected mode in Internet Explorer 7 and 8 on Windows Vista, Windows 7 and Windows Server 2008 mitigates the vulnerability by limiting the privileges of attack code which succeeds in exploiting the vulnerability.


– on Security Watch
Posted on 25 December 2010. Tags: Exploit, released, unpatched, Vulnerability