CERT-MU Vulnerability Note VN-2008-14

Microsoft Internet Explorer Data binding Memory Corruption Vulnerability

Original Issue Date: December 15, 2008

Severity Rating: High

Systems Affected

  • Windows Internet Explorer 8 Beta 2
  • Windows Internet Explorer 7
  • Windows Internet Explorer 6.0 SP1 and prior
  • Windows Internet Explorer 5.01 SP4 and prior
  • Windows Server 2008 for Itanium-based Systems
  • Windows Server 2008 for x64-based Systems
  • Windows Server 2008 for 32-bit Systems
  • Windows Vista x64 Edition SP1 and prior
  • Windows Vista SP1 and prior
  • Windows Server 2003 x64 Edition SP2 and prior
  • Windows Server 2003 for Itanium-based Systems SP2 and prior
  • Windows Server 2003 SP2 and prior
  • Windows XP Professional x64 Edition SP2 and prior
  • Windows XP SP3 and prior
  • Microsoft Windows 2000 Service Pack 4

Overview

Microsoft Internet Explorer contains an invalid pointer vulnerability in its data binding code, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.

Description

The vulnerability exists due to an invalid pointer reference in the data binding function of Internet Explorer when it attempts to parse XML tags. When the mshtml.dll library (used for rendering web pages) attempts to process malformed XML objects that are embedded in improperly nested HTML SPAN tags, Internet Explorer could overwrite memory structures.

By convincing a user to view a specially crafted XML document (e.g., a web page or email message or attachment), an attacker may be able to execute arbitrary code with the privileges of the user.

Workarounds

  • Set Internet and Local intranet security zone settings to "High" to prompt before running ActiveX Controls and Active Scripting in these zones
  • Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zones
  • Disable XML Island functionality
  • Restrict Internet Explorer from using OLEDB32.dll with an Integrity Level ACL
  • Disable Row Position functionality of OLEDB32.dll
  • Unregister OLEDB32.DLL
  • Use ACL to disable OLEDB32.DLL
  • Enable DEP for Internet Explorer 7 on Windows Vista and on Windows Server 2008
  • Disable Data Binding support in Internet Explorer 8 Beta 2

For detailed steps and the impact of applying these workarounds, refer to Microsoft Security Advisory 961051.
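
One way to audit the Active Scripting workaround listed above, as an added PowerShell example that is not part of the original note or of Microsoft's advisory. It assumes the standard per-user zone registry layout (zone 1 = Local intranet, zone 3 = Internet, action 1400 = Active Scripting with 0 = enabled, 1 = prompt, 3 = disabled); the function names are hypothetical and Group Policy overrides are not inspected.

```powershell
# Added example: audits the Active Scripting workaround for the current user.
# Assumption: settings live under the standard per-user Internet Settings key.
$ZonesKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$Zones    = @{ 1 = 'Local intranet'; 3 = 'Internet' }
$Action   = '1400'   # URL action for Active Scripting
$Meaning  = @{ 0 = 'Enabled'; 1 = 'Prompt'; 3 = 'Disabled' }

# Evaluates a hashtable of zoneId -> DWORD value of action 1400.
# A $null value means the action is not set for that zone.
function Test-ActiveScriptingWorkaround {
    param([hashtable]$Settings)
    foreach ($id in ($Zones.Keys | Sort-Object)) {
        $value = $Settings[$id]
        $state = if ($null -eq $value) { 'NotSet' }
                 elseif ($Meaning.ContainsKey([int]$value)) { $Meaning[[int]$value] }
                 else { "Unknown($value)" }
        [pscustomobject]@{
            Zone      = $Zones[$id]
            Setting   = $state
            # The workaround asks for Prompt or Disabled; anything else fails.
            Compliant = $state -in 'Prompt', 'Disabled'
        }
    }
}

# Reads the live values from the registry of the current user.
function Get-ActiveScriptingSettings {
    $result = @{}
    foreach ($id in $Zones.Keys) {
        $prop = Get-ItemProperty -Path "$ZonesKey\$id" -Name $Action -ErrorAction SilentlyContinue
        $result[$id] = if ($prop) { $prop.$Action } else { $null }
    }
    $result
}

# Constructed sample: intranet zone prompts, Internet zone still allows scripting.
Test-ActiveScriptingWorkaround -Settings @{ 1 = 1; 3 = 0 } | Format-Table

# Live check on a Windows host.
Test-ActiveScriptingWorkaround -Settings (Get-ActiveScriptingSettings) | Format-Table
```

A zone reported as NotSet or Enabled has not had the workaround applied for that user.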

Note: Proof-of-concept code exists publicly and reports indicate that the vulnerability is being exploited in the wild.

Disclaimer

The information provided herein is on an "as is" basis, without warranty of any kind.

Vendor Information

Microsoft
http://www.microsoft.com/technet/security/advisory/961051.mspx


CVE Name
CVE-2008-4844


References

Microsoft
http://www.microsoft.com/technet/security/advisory/961051.mspx

Secunia
http://secunia.com/advisories/33089

ISC SANS
http://isc.sans.org/diary.html?storyid=5458

McAfee Avert Labs
http://www.avertlabs.com/research/blog/index.php/2008/12/09/yet-another-unpatched-drive-by-exploit-found-on-the-web/

Cisco Security Center
http://tools.cisco.com/security/center/viewAlert.x?alertId=17241

 
 
Last Updated 20-Jul-2011