Overview
» IDS/IPS Signatures
Security Sites
Products
White Papers
Data Sheets
Case Studies
Support Login
Locate a Partner
iPolicy Networks Security Advisory
 

Microsoft IE HTML Objects Memory Corruption Vulnerability
Date Discovered: 06/10/2008
Severity: High
Operating Systems Affected: Microsoft Windows 2000 SP4
Microsoft Windows XP SP2
Microsoft Windows XP SP3
Microsoft Windows XP Professional x64
Microsoft Windows XP Professional x64 SP2
Microsoft Windows Server 2003 SP1
Microsoft Windows Server 2003 SP2
Microsoft Windows Server 2003 x64
Microsoft Windows Server 2003 x64 SP2
Applications Affected: Microsoft Internet Explorer 5.01 SP4
Microsoft Internet Explorer 6 SP1
Microsoft Internet Explorer 6
Microsoft Windows Internet Explorer 7
Synopsis
Microsoft Internet Explorer is prone to a memory corruption vulnerability because Microsoft Internet Explorer does not correctly handle certain unexpected method calls to HTML objects.
Recommended Actions
Update the patches as guided by vendor at :
http://www.microsoft.com/technet/security/bulletin/ms08-031.mspx
Threat Analysis
A remote code execution vulnerability exists in the way Internet Explorer displays a Web page that contains certain unexpected method calls to HTML objects. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution.

When Internet Explorer displays a Web page that contains certain unexpected method calls to HTML objects, it may corrupt memory in such a way that an attacker could execute arbitrary code. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
References

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1442

Write-up by: Aditya Chaturvedi
Security Sites
 
“iPolicy is one of the most visionary firewall vendors in the firewall Magic Quadrant. Its architecture of a central session processing engine and multiple content blades that are able to block based on signatures, rules and so on is the closest to the network security ideal.”
 
Greg Young, John Pescatore
Magic Quadrant for Network Firewalls, 2H04, Gartner
 

 
Home | About Us | Products | Technology | Solutions | Support | Partners | News & Events | Resources | Contact Us
Copyright ©2008 iPolicy Networks - Security Products Division of Tech Mahindra Limited | Privacy Policy | Site Map