Overview
» IDS/IPS Signatures
Security Sites
Products
White Papers
Data Sheets
Case Studies
Support Login
Locate a Partner
iPolicy Networks Security Advisory
 

Microsoft Internet Explorer Uninitialized Memory Corruption Vulnerability
Date Discovered: 01/22/2010
Severity: High
Operating Systems Affected: Microsoft Windows 2000 SP4
Microsoft Windows XP SP2
Microsoft Windows XP SP3
Microsoft Windows XP Professional x64 SP2
Microsoft Windows Server 2003 SP2
Microsoft Windows Server 2003 x64 SP2
Microsoft Windows Vista
Microsoft Windows Vista SP1
Microsoft Windows Vista SP2
Microsoft Windows 7
Application Affected: Microsoft Internet Explorer 6
Microsoft Internet Explorer 6 SP1
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Type: Remote
Identifiers: CVE-2010-0244
CVE-2010-0245
CVE-2010-0246
CVE-2010-0247
Synopsis
Microsoft Internet Explorer is prone to a Uninitialized Memory Corruption vulnerability because Internet Explorer accesses an object that has not been correctly initialized or has been deleted.
Recommended Actions
Update the patches as guided by vendor at :
http://www.microsoft.com/technet/security/bulletin/ms10-002.mspx
Threat Analysis
When Internet Explorer attempts to access an object that has not been initialized or has been deleted, it may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the logged-on user.

An attacker could exploit the vulnerability by constructing a specially crafted URL. When a user clicks the URL, the vulnerability could allow remote code execution.

An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs, view, change, delete data, or create new accounts with full user rights.
References

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0244
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0245
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0246
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0247

Write-up by: Aditya Chaturvedi
Security Sites
 
“iPolicy is one of the most visionary firewall vendors in the firewall Magic Quadrant. Its architecture of a central session processing engine and multiple content blades that are able to block based on signatures, rules and so on is the closest to the network security ideal.”
 
Greg Young, John Pescatore
Magic Quadrant for Network Firewalls, 2H04, Gartner
 

 
Home | About Us | Products | Technology | Solutions | Support | Partners | News & Events | Resources | Contact Us
Copyright ©2009 iPolicy Networks - Security Products Division of Tech Mahindra Limited | Privacy Policy | Site Map