Microsoft IE HTML Object Remote Code Execution Vulnerability

Overview

» IDS/IPS Signatures

Security Sites

iPolicy Networks Security Advisory


Date Discovered:	03/31/2010
Severity:	High
Operating Systems Affected:	Microsoft Windows
Applications Affected:	Microsoft Internet Explorer 8
Type:	Remote
Identifiers:	CVE-2010-0492

Synopsis

Microsoft Internet Explorer is prone to a memory corruption vulnerability, which could be exploited to execute remote code and gain the same user rights as a logged-on user.

Recommended Actions

Update the patches as guided by vendor at :
http://www.microsoft.com/technet/security/Bulletin/MS10-018.mspx

iPolicy Networks Response

iPolicy IPF provides detection of this vulnerability by the following signature:

•Possible_Microsoft_IE_HTML_Object_MSTime_DoS_Attempt

This signature is available in IDS pack 10099

Threat Analysis

Microsoft Internet Explorer is a well known proprietary web browser application developed by Microsoft and included as part of the Microsoft Windows line of operating systems. A memory corruption flaw exists in Microsoft Internet Explorer 8.

The flaw exists due to improper handling of objects by mstime.dll in Microsoft Internet explorer. Successful exploitation allows remote attackers to run arbitrary code in the context of the user running the affected application or failed attacks may cause denial-of-service condition leading to crash.

References

http://www.securityfocus.com/bid/39030
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2010-0492
http://www.microsoft.com/technet/security/Bulletin/MS10-018.mspx

Write-up by: Dheeraj Johri