iPolicy Networks Security Advisory
 

Microsoft Internet Explorer Attributes Handling Remote Code Execution Vulnerability

Date Discovered: 03/10/2010
Severity: High
Operating System: Microsoft Windows
Applications Affected: Microsoft Internet Explorer 6.0, Microsoft Internet Explorer 7.0
Type: Remote
Identifiers: CVE-2010-0806
Synopsis
Microsoft Internet Explorer is prone to a remote code execution vulnerability because the application fails to handle specially crafted attributes. An attacker who successfully exploits this vulnerability could gain the same user rights as the local user.
Recommended Actions
Apply the patches as directed by the vendor at:
http://www.microsoft.com/technet/security/advisory/981374.mspx
Threat Analysis
Microsoft Internet Explorer is a proprietary graphical web browser developed by Microsoft and included as part of the Microsoft Windows line of operating systems.

Microsoft Internet Explorer is prone to a remote code execution vulnerability. The vulnerability exists because the application fails to handle some object attributes, which leads to a crash. By exploiting this flaw, a remote attacker can execute arbitrary code in the security context of the logged-in user.
References

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0806

Write-up by: Gaurav Bajpai