iPolicy Networks Security Advisory
 

Microsoft IE Race Condition Memory Corruption Vulnerability

Date Discovered: 03/31/2010
Severity: High
Operating Systems Affected: Microsoft Windows
Applications Affected: Microsoft Internet Explorer 5.01 SP4
Microsoft Internet Explorer 6.0
Microsoft Internet Explorer 6.0 SP1
Microsoft Internet Explorer 7.0
Type: Remote
Identifiers: CVE-2010-0489
Synopsis

Microsoft Internet Explorer is prone to a memory corruption vulnerability, which could be exploited to take complete control of an affected system.
Recommended Actions
Apply the patches as directed by the vendor at:
http://www.microsoft.com/technet/security/Bulletin/MS10-018.mspx
iPolicy Networks Response

iPolicy IPF provides detection of this vulnerability by the following signature:

• Possible_Microsoft_IE_Race_Condition_Memory_Corrouption_Attempt

This signature is available in IDS pack 10099.
Threat Analysis

Microsoft Internet Explorer is a well-known proprietary web browser developed by Microsoft and included as part of the Microsoft Windows line of operating systems. A memory corruption vulnerability exists in Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7.

The flaw exists in the way that Internet Explorer accesses an object that may have been corrupted due to a race condition. Successful exploitation allows remote attackers to execute arbitrary code on the affected system and gain the same user rights as the logged-on user.
References

http://www.securityfocus.com/bid/39026
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2010-0489
http://www.microsoft.com/technet/security/Bulletin/MS10-018.mspx

Write-up by: Dheeraj Johri