lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <48FDF0A4.6050905@nruns.com>
Date: Tue, 21 Oct 2008 17:09:24 +0200
From: "security@...ns.com" <security@...ns.com>
To: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Cc: cve@...re.org, soc@...cert.gov, vuln@...unia.com, cert@...t.org
Subject: n.runs-SA-2008.008 - Internet Explorer HTML
 Object Memory Corruption and Remote Code Execution

n.runs AG
http://www.nruns.com/                              security(at)nruns.com
n.runs-SA-2008.008                                       21-October-2008

____________________________________________________________________________

Vendor:             Microsoft
Affected Products:  Internet Explorer 6
                     Internet Explorer 7
                     Windows XP SP2 & SP3
                     Windows 2000 SP4
                     Windows 2003 SP1
Vulnerability:      Remote Code execution
Risk:               High
____________________________________________________________________________


Overview
--------
A remote code execution vulnerability exists in Internet Explorer due to 
accesses to uninitialized memory in certain cases of DTML constructs. As 
a result, memory may be corrupted in such a way that an attacker could 
execute arbitrary code in the context of the logged-on user.

Impact
------
An attacker could exploit the vulnerability by constructing a specially 
prepared Website, when a user views the Web page, the vulnerability 
could allow remote code execution. An attacker who successfully 
exploited this vulnerability could gain the same user rights as the 
logged-on user.

Solution
--------
Microsoft has issued an update to correct this vulnerability. More 
details can be found at:
http://www.microsoft.com/technet/security/bulletin/MS08-058.mspx

________________________________________________________________________

Vendor communication:

    2008/07/07   Thierry sends notification to Microsoft
    2008/07/07   Acknowledgement and Receipt
    2008/10/14   Microsoft publishes

________________________________________________________________________

Credits
-------
Vulnerability discovered by Thierry Zoller


About n.runs
------------
n.runs AG is a vendor-independent consulting company specializing in the
areas of: IT Infrastructure, IT Security and IT Business Consulting. In
2007, n.runs expanded its core business area, which until then had  been
project based consulting, to  include the development of high-end 
security solutions. Application Protection System - Anti Virus (aps-AV) 
is the first high-end security solution that n.runs is bringing to the 
market.

Advisories can be found at : http://www.nruns.com/security_advisory.php

Copyright Notice
----------------
Unaltered electronic reproduction of this advisory is permitted. For all
other reproduction or publication, in printing or otherwise, contact
security@...ns.com for permission. Use of the advisory constitutes
acceptance for use in an "as is" condition. All warranties are excluded.
In no event shall n.runs be liable for any damages whatsoever including
direct, indirect, incidental, consequential, loss of business profits or
special damages, even if n.runs has been advised of the possibility of 
such damages.

Copyright n.runs AG. All rights reserved. Terms of use apply.

________________________________________________________________________

Subscribe to the n.runs newsletter by signing up to:
http://www.nruns.com/newsletter_en.php

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ