Microsoft Internet Explorer HTML Object Memory Corruption Vulnerability
BID:30614
Info
Microsoft Internet Explorer HTML Object Memory Corruption Vulnerability
| Bugtraq ID: | 30614 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2008-2254 |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 12 2008 12:00AM |
| Updated: | Aug 25 2008 09:05PM |
| Credit: | Yamata Li of Palo Alto Networks |
| Vulnerable: |
Nortel Networks Self-Service Speech Server 0 Nortel Networks Self-Service Peri Workstation 0 Nortel Networks Self-Service Peri Application 0 Nortel Networks Self-Service MPS 500 0 Nortel Networks Self-Service MPS 1000 0 Nortel Networks Self-Service MPS 100 0 Nortel Networks Self-Service Media Processing Server 0 Nortel Networks Self-Service 0 Nortel Networks Enterprise VoIP TM-CS1000 Nortel Networks Contact Center NCC 0 Nortel Networks Contact Center Manager Server 0 Nortel Networks Contact Center Manager Nortel Networks Contact Center Express Nortel Networks Contact Center Administration 0 Nortel Networks Contact Center Nortel Networks CallPilot 703t Nortel Networks CallPilot 702t Nortel Networks CallPilot 702t Nortel Networks CallPilot 201i Nortel Networks CallPilot 200i Nortel Networks CallPilot 1002rp Nortel Networks CallPilot 1002rp Microsoft Internet Explorer 7.0 Microsoft Internet Explorer 6.0 SP1 Microsoft Internet Explorer 6.0 HP Storage Management Appliance III HP Storage Management Appliance II HP Storage Management Appliance I HP Storage Management Appliance 2.1 HP Storage Management Appliance 2.1 Avaya Messaging Application Server MM 3.1 Avaya Messaging Application Server MM 3.0 Avaya Messaging Application Server MM 2.0 Avaya Messaging Application Server MM 1.1 Avaya Messaging Application Server 0 |
| Not Vulnerable: | |
Discussion
Microsoft Internet Explorer HTML Object Memory Corruption Vulnerability
Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability that occurs when the application tries to parse a specially crafted web page.
Successfully exploiting this issue would allow an attacker to execute arbitrary code in the context of the currently logged-in user.
Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability that occurs when the application tries to parse a specially crafted web page.
Successfully exploiting this issue would allow an attacker to execute arbitrary code in the context of the currently logged-in user.
Exploit / POC
Microsoft Internet Explorer HTML Object Memory Corruption Vulnerability
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Microsoft Internet Explorer HTML Object Memory Corruption Vulnerability
Solution:
Microsoft has released an advisory along with fixes to address this issue. Please see the references for more information.
Microsoft Internet Explorer 7.0
Microsoft Internet Explorer 6.0 SP1
Microsoft Internet Explorer 6.0
Solution:
Microsoft has released an advisory along with fixes to address this issue. Please see the references for more information.
Microsoft Internet Explorer 7.0
-
Microsoft Cumulative Security Update for Internet Explorer 7 for Windows Server 2003 (KB953838)
Windows Server 2003 Service Pack 1; Windows Server 2003 Service Pack 2
http://www.microsoft.com/downloads/details.aspx?familyid=B3C2E2FD-1CB9 -491B-937C-053DD59A65BF -
Microsoft Cumulative Security Update for Internet Explorer 7 for Windows Server 2003 64-bit Itanium Edition (K
Windows Server 2003 Service Pack 1 for Itanium-based Systems; Windows Server 2003 Service Pack 2 for Itanium-based Systems
http://www.microsoft.com/downloads/details.aspx?familyid=97D0D37D-5D76 -4BC3-8CBD-1E3976C82ACF -
Microsoft Cumulative Security Update for Internet Explorer 7 for Windows Server 2003 x64 Edition (KB953838)
Windows Server 2003 Service Pack 1; Windows Server 2003 Service Pack 2 x64 Edition
http://www.microsoft.com/downloads/details.aspx?familyid=88A26B76-F7DF -45C9-8ED0-7D3CD71C1987 -
Microsoft Cumulative Security Update for Internet Explorer 7 for Windows XP (KB953838)
Windows XP Service Pack 2; Windows XP Service Pack 3
http://www.microsoft.com/downloads/details.aspx?familyid=8E2125C7-52CB -4052-82A3-2D3C6A953752 -
Microsoft Cumulative Security Update for Internet Explorer 7 for Windows XP x64 Edition (KB953838)
Windows XP Professional x64 Edition
http://www.microsoft.com/downloads/details.aspx?familyid=39B41E4B-3237 -409D-A818-AB0517C5E7CF -
Microsoft Cumulative Security Update for Internet Explorer 7 in Windows Server 2008 (KB953838)
Windows Server 2008
http://www.microsoft.com/downloads/details.aspx?familyid=4B52FF2F-D2F5 -4C20-B6CF-86D86C56B0F8 -
Microsoft Cumulative Security Update for Internet Explorer 7 in Windows Server 2008 x64 Edition (KB953838)
Windows Server 2008
http://www.microsoft.com/downloads/details.aspx?familyid=DF9814A6-5BE0 -4AC1-A767-A0EAE8D5EE5D -
Microsoft Cumulative Security Update for Internet Explorer 7 in Windows Vista (KB953838)
Windows Vista; Windows Vista Service Pack 1
http://www.microsoft.com/downloads/details.aspx?familyid=13CBA012-DD20 -48F9-8E44-E4CB104C4CAD -
Microsoft Cumulative Security Update for Internet Explorer 7 in Windows Vista x64 Edition (KB953838)
Windows Vista 64-bit Editions Service Pack 1; Windows Vista Business 64-bit edition; Windows Vista Enterprise 64-bit edition; Windows Vista Home Basic 64-bit edition; Windows Vista Home Premium 64-bit edition; Windows Vista Ultimate 64-bit edition
http://www.microsoft.com/downloads/details.aspx?familyid=EAD919C2-D548 -47B7-9CD6-80F991266428 -
Microsoft Cumulative Security Update for Internet Explorer for Windows Server 2003 (KB953838)
Windows Server 2003 Service Pack 1; Windows Server 2003 Service Pack 2
http://www.microsoft.com/downloads/details.aspx?familyid=0617A5DD-DCE9 -4DE0-B0A0-CE38EFE13524 -
Microsoft Cumulative Security Update for Internet Explorer for Windows Server 2003 64-bit Itanium Edition (KB9
Windows Server 2003 Service Pack 1 for Itanium-based Systems; Windows Server 2003 Service Pack 2 for Itanium-based Systems
http://www.microsoft.com/downloads/details.aspx?familyid=1855997E-A3BE -46B1-A0BC-BB55EB0045FE -
Microsoft Cumulative Security Update for Internet Explorer for Windows Server 2003 x64 Edition (KB953838)
Windows Server 2003 Service Pack 1; Windows Server 2003 Service Pack 2 x64 Edition
http://www.microsoft.com/downloads/details.aspx?familyid=32A63F52-9FE6 -48E3-BB4E-7D4DDA5E0A90 -
Microsoft Cumulative Security Update for Internet Explorer in Windows Server 2008 64-bit Itanium Edition (KB95
Windows Server 2008 for Itanium-based Systems
http://www.microsoft.com/downloads/details.aspx?familyid=FFC3CFCB-73FE -4A6D-9595-E9D7A5B3D3F7
Microsoft Internet Explorer 6.0 SP1
-
Microsoft Cumulative Security Update for Internet Explorer 6 SP1 (KB953838)
Windows 2000 Service Pack 4
http://www.microsoft.com/downloads/details.aspx?familyid=AA780735-5928 -4C46-89A4-63A814954796 -
Microsoft Cumulative Security Update for Internet Explorer for Windows Server 2003 (KB953838)
Windows Server 2003 Service Pack 1; Windows Server 2003 Service Pack 2
http://www.microsoft.com/downloads/details.aspx?familyid=0617A5DD-DCE9 -4DE0-B0A0-CE38EFE13524 -
Microsoft Cumulative Security Update for Internet Explorer for Windows Server 2003 64-bit Itanium Edition (KB9
Windows Server 2003 Service Pack 1 for Itanium-based Systems; Windows Server 2003 Service Pack 2 for Itanium-based Systems
http://www.microsoft.com/downloads/details.aspx?familyid=1855997E-A3BE -46B1-A0BC-BB55EB0045FE -
Microsoft Cumulative Security Update for Internet Explorer for Windows Server 2003 x64 Edition (KB953838)
Windows Server 2003 Service Pack 1; Windows Server 2003 Service Pack 2 x64 Edition
http://www.microsoft.com/downloads/details.aspx?familyid=32A63F52-9FE6 -48E3-BB4E-7D4DDA5E0A90 -
Microsoft Cumulative Security Update for Internet Explorer for Windows XP (KB953838)
Windows XP Service Pack 2; Windows XP Service Pack 3
http://www.microsoft.com/downloads/details.aspx?familyid=69AF2F30-138E -4B15-AB8D-4FCE44CC0BC2 -
Microsoft Cumulative Security Update for Internet Explorer for Windows XP x64 Edition (KB953838)
Windows XP Professional x64 Edition
http://www.microsoft.com/downloads/details.aspx?familyid=4780B89E-9735 -4D3F-8DEF-34E7337FF604
Microsoft Internet Explorer 6.0
-
Microsoft Cumulative Security Update for Internet Explorer for Windows Server 2003 (KB953838)
Windows Server 2003 Service Pack 1; Windows Server 2003 Service Pack 2
http://www.microsoft.com/downloads/details.aspx?familyid=0617A5DD-DCE9 -4DE0-B0A0-CE38EFE13524 -
Microsoft Cumulative Security Update for Internet Explorer for Windows Server 2003 64-bit Itanium Edition (KB9
Windows Server 2003 Service Pack 1 for Itanium-based Systems; Windows Server 2003 Service Pack 2 for Itanium-based Systems
http://www.microsoft.com/downloads/details.aspx?familyid=1855997E-A3BE -46B1-A0BC-BB55EB0045FE -
Microsoft Cumulative Security Update for Internet Explorer for Windows Server 2003 x64 Edition (KB953838)
Windows Server 2003 Service Pack 1; Windows Server 2003 Service Pack 2 x64 Edition
http://www.microsoft.com/downloads/details.aspx?familyid=32A63F52-9FE6 -48E3-BB4E-7D4DDA5E0A90 -
Microsoft Cumulative Security Update for Internet Explorer for Windows XP (KB953838)
Windows XP Service Pack 2; Windows XP Service Pack 3
http://www.microsoft.com/downloads/details.aspx?familyid=69AF2F30-138E -4B15-AB8D-4FCE44CC0BC2 -
Microsoft Cumulative Security Update for Internet Explorer for Windows XP x64 Edition (KB953838)
Windows XP Professional x64 Edition
http://www.microsoft.com/downloads/details.aspx?familyid=4780B89E-9735 -4D3F-8DEF-34E7337FF604
References
Microsoft Internet Explorer HTML Object Memory Corruption Vulnerability
References:
References:
- Microsoft Internet Explorer Homepage (Microsoft)
- 2008009027, Rev 1 Nortel Response to Microsoft Security Bulletin MS08-045 (Nortel Networks)
- Avaya Security Advisory ASA-2008-336 (Avaya)
- Microsoft Security Bulletin MS08-045 (Microsoft)