Microsoft IE Invalid Object Remote Code Execution Vulnerability

Overview

» IDS/IPS Signatures

Security Sites

iPolicy Networks Security Advisory


Date Discovered:	10/13/2009
Severity:	High
Applications Affected:	Internet Explorer
Type:	Remote
Identifiers:	CVE-2009-2530

Synopsis

The Microsoft Internet explorer is prone to Remote Code Execution vulnerability in the way that this application tries to access invalid object. After successful exploitation remote attacker can execute arbitrary code in security context of logged-in user.

Recommended Actions

Update the patches as guided by vendor at :
http://www.microsoft.com/technet/security/bulletin/ms09-054.mspx

Threat Analysis

Microsoft Internet Explorer is the most widely used web browser application. IE is capable of processing various schemes which define the method with which a resource is requested, as well as how it is processed. Some of the schemes that are widely used are http://, ftp://, file://, and mhtml:// etc. The IE browser competes with an earlier browser, Netscape and more.

The Microsoft Internet Explorer is prone to Remote Code Execution vulnerability. This vulnerability exists because Internet Explorer accesses an object that has not been correctly initialized or has been deleted. Successful exploitation allows remote attacker can execute arbitrary code in security context of logged-in user.

References

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2530

Write-up by: Gaurav Bajpai