Microsoft Internet Explorer Remote Code Execution Vulnerability
Date Discovered:
01/15/2010
Severity:
High
Operating Systems Affected:
Microsoft Windows 2000 SP4
Microsoft Windows XP SP2
Microsoft Windows XP SP3
Microsoft Windows XP Professional x64 SP2
Microsoft Windows Server 2003 SP2
Microsoft Windows Server 2003 x64 SP2
Microsoft Windows Vista
Microsoft Windows Vista SP1
Microsoft Windows Vista SP2
Microsoft Windows 7
Application Affected:
Microsoft Internet Explorer 6
Microsoft Internet Explorer 6 SP1
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Type:
Remote
Identifiers:
CVE-2010-0249
CVE-2010-0248
Synopsis
Microsoft Internet Explorer is prone to a memory corruption
vulnerability. The vulnerability exists in the way Internet Explorer
handles certain event operations, and may lead to a crash or remote
code execution.
The vulnerability exists as an invalid pointer reference within Internet
Explorer. It is possible under certain conditions for the invalid
pointer to be accessed after an object is deleted.
An attacker could host a specially crafted Web site that is designed to
exploit this vulnerability through Internet Explorer and then convince
a user to view the Web site. The attacker could also take advantage of
compromised Web sites and Web sites that accept or host user-provided
content or advertisements. These Web sites could contain specially
crafted content that could exploit this vulnerability.
An attacker who successfully exploited this vulnerability could take
complete control of an affected system. An attacker could then install
programs; view, change, or delete data; or create new accounts with full
user rights.