CERT-MU :Vulnerability

Home | Search | FAQ | Site Map | Contact Us

|| Hotline : 800 2378 || To contact CERT-MU send e-mail on --> info[at]cert-mu.gov.mu || To report incident e-mail on --> incident[at]cert-mu.gov.mu || To report Vulnerabilities send e-mail on --> Vulnerability[at]cert-mu.gov.mu ||

Charter & Mission

CERT-MU Services

Constituency

Authority

Incident Reporting

Vulnerability Reporting

Incident Statistics Forms

Vol. 2, Feb 2012

Vol. 1, Oct 2011

World CERTs

Security Sites

Security Tools

Antivirus Resources

Email Abuse

Network Abuse

Anti-Spam Initiative

Cyber Security Portal

Safer Internet Day

Computer Security Day

National Computer Board

Authorized to use CERT(TM) - CERT is a mark owned by Carnegie Mellon University

CERT-MU Vulnerability Note VN-2010-2

Microsoft Internet Explorer DOM Operation Memory Corruption Vulnerability

Original Issue Date: December 15, 2009

Severity Rating: High

Systems Affected

iManager 2.7.2 and prior
Windows XP SP 2 and Windows XP SP 3
Windows XP Professional x64 Edition SP 2
Windows Server 2003 SP 2
Windows Server 2003 x64 Edition SP 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Vista, Windows Vista SP 1, and Windows Vista SP 2
Windows Vista x64 Edition, SP 1& SP 2
Windows Server 2008 & SP2 for 32-bit Systems
Windows Server 2008 & SP 2for x64-based Systems
Windows Server 2008 & SP 2 for Itanium-based Systems
Windows 7 for 32-bit Systems
Windows 7 for x64-based Systems
Windows Server 2008 R2 for x64-based Systems
Windows Server 2008 R2 for Itanium-based Systems

Components Affected

Internet Explorer 6
Internet Explorer 7
Internet Explorer 8

Overview

A remote code execution vulnerability has been reported Microsoft Internet Explorer that could allow an attacker to execute arbitrary code in the privileges of the logged in user.

Description

This memory corruption vulnerability which is due to invalid pointer reference-accessing freed/deleted objects- when handling certain DOM operations.

An unauthenticated remote attacker could exploit this vulnerability by persuading the users to click a link in an e-mail message or in an Instant Messenger message that takes users to the specially crafted Web site.

Successful exploitation leads remote code execution in the context of the logged in user.

Workarounds

Set Internet and Local intranet security zone settings to "High" to prompt before running ActiveX Controls and Active Scripting in these zones
Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone
Enable DEP for Internet Explorer 6 Service Pack 2 or Internet Explorer 7 .To enable or disable DEP automatically , install the application compatibility database given in the Microsoft Knowledge Base article 979352

For detailed steps of these workarounds refer to Microsoft Security advisory 979352

References

Microsoft
http://www.microsoft.com/technet/security/advisory/979352.mspx
http://support.microsoft.com/kb/979352

CISCO
http://tools.cisco.com/security/center/viewAlert.x?alertId=19726

US-CERT
http://www.kb.cert.org/vuls/id/492515

SecurityTracker
http://securitytracker.com/alerts/2010/Jan/1023462.html

ISC
http://isc.sans.org/diary.html?storyid=7993&rss

McAfee
http://vil.nai.com/vil/content/v_vul49625.htm

CVE Name
CVE-2009-1298

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.