
  • Advisory - Microsoft Internet Explorer

    Microsoft Internet Explorer CMarkup Use-After-Free Vulnerability

    Severity Rating: HIGH

    Systems Affected
    • Microsoft Internet Explorer 8

    Overview
    A use-after-free vulnerability has been reported in Microsoft Internet Explorer (IE) which could allow an unauthenticated remote attacker to execute arbitrary code on a target system.

    Description
    The vulnerability exists due to improper handling of CMarkup objects within "CMarkup::CreateInitialMarkup".
    An unauthenticated, remote attacker could exploit this issue by enticing a user to view a specially crafted HTML document, triggering memory corruption.
    Successful exploitation could allow the attacker to execute arbitrary code on the system with the privileges of the targeted user.

    Workaround
    • Upgrade to Internet Explorer 11
    • Deploy and configure the Microsoft Enhanced Mitigation Experience Toolkit (EMET) for IE.
    • Set the Internet security zone setting to "High" to block ActiveX Controls and Active Scripting.
    • Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone.

    References
    Zero Day Initiative
    http://www.zerodayinitiative.com/advisories/ZDI-14-140/

    Cisco
    http://tools.cisco.com/security/cent...?alertId=34324

    US CERT
    http://www.kb.cert.org/vuls/id/239151

    XForce
    http://xforce.iss.net/xforce/xfdb/92807

    Security Tracker
    http://www.securitytracker.com/id/1030266

    Security Focus
    http://www.securityfocus.com/bid/67544/
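
To check whether the zone-related workarounds above are in place on a workstation, the following read-only PowerShell audit can be used. It is an added example, not part of the original advisory. The registry paths, the `1400` (Active Scripting) action and the `CurrentLevel` values are Microsoft's documented URL security zone settings rather than anything stated in the advisory, and the policy-before-preference lookup order is a simplifying assumption.

```powershell
# Added example: read-only audit of the IE security zone workarounds.
# Zone 1 = Local intranet, zone 3 = Internet (Microsoft URL security zone numbering).
$zones = @{ 1 = 'Local intranet'; 3 = 'Internet' }

# Assumption: policy hives override the per-user preference hive, so they are checked first.
$roots = @(
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones',
    'HKCU:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
)

# Action 1400 = Active Scripting: 0 enable, 1 prompt, 3 disable.
$scriptingStates = @{ 0 = 'Enabled'; 1 = 'Prompt'; 3 = 'Disabled' }
$highLevel = 0x12000   # CurrentLevel value for the "High" template

function Get-ZoneValue {
    param([int]$Zone, [string]$Name)
    foreach ($root in $roots) {
        $path = Join-Path $root "$Zone"
        $item = Get-ItemProperty -Path $path -Name $Name -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            return [pscustomobject]@{ Value = [int]$item.$Name; Source = $root }
        }
    }
    return $null   # value not configured in any hive
}

$report = foreach ($zone in ($zones.Keys | Sort-Object)) {
    $scripting = Get-ZoneValue -Zone $zone -Name '1400'
    $level     = Get-ZoneValue -Zone $zone -Name 'CurrentLevel'

    $scriptingOk = [bool]($scripting -and ($scripting.Value -in 1, 3))
    # The "High" level workaround applies to the Internet zone only.
    $levelOk     = [bool]($zone -eq 3 -and $level -and $level.Value -eq $highLevel)

    [pscustomobject]@{
        Zone            = $zones[$zone]
        ActiveScripting = if ($scripting) { $scriptingStates[$scripting.Value] } else { 'Not set' }
        CurrentLevel    = if ($level) { '0x{0:X}' -f $level.Value } else { 'Not set' }
        WorkaroundMet   = $scriptingOk -or $levelOk
        Source          = if ($scripting) { $scripting.Source } else { '' }
    }
}

$report | Format-Table -AutoSize
```

A zone reported with `WorkaroundMet` set to `False` still runs Active Scripting without a prompt, so the last two workarounds in the list are not in effect for that user.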