Microsoft IE Argument Validation Remote Code Execution Vulnerability

Overview

» IDS/IPS Signatures

Security Sites

iPolicy Networks Security Advisory


Date Discovered:	10/13/2009
Severity:	High
Applications Affected:	Internet Explorer
Type:	Remote
Identifiers:	CVE-2009-2529

Synopsis

The Microsoft Internet explorer is prone to Remote Code Execution vulnerability in the way that this application validates incorrect argument. After successful exploitation remote attacker can execute arbitrary code in security context of logged-in user.

Recommended Actions

Update the patches as guided by vendor at :
http://www.microsoft.com/technet/security/bulletin/ms09-054.mspx

Threat Analysis

Microsoft Internet Explorer is the most widely used web browser application. IE is capable of processing various schemes which define the method with which a resource is requested, as well as how it is processed. Some of the schemes that are widely used are http://, ftp://, file://, and mhtml:// etc. The IE browser competes with an earlier browser, Netscape and more.

The Microsoft Internet Explorer is prone to Remote Code Execution vulnerability. This vulnerability exists because Internet Explorer handles incorrect argument validation of a variable in specific situations. Successful exploitation allows remote attacker can execute arbitrary code in security context of logged-in user.

References

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2529

Write-up by: Gaurav Bajpai