RETIRED: Microsoft Internet Explorer Unspecified Remote Code Execution Vulnerabilities
BID:38951
Info
RETIRED: Microsoft Internet Explorer Unspecified Remote Code Execution Vulnerabilities
| Bugtraq ID: | 38951 |
| Class: | Unknown |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 24 2010 12:00AM |
| Updated: | Jun 10 2011 05:30PM |
| Credit: | These issues were disclosed by Peter Vreugdenhil during the Pwn2Own 2010 contest as part of the CanSecWest security conference. |
| Vulnerable: |
Microsoft Internet Explorer 8 |
| Not Vulnerable: | |
Discussion
RETIRED: Microsoft Internet Explorer Unspecified Remote Code Execution Vulnerabilities
Microsoft Internet Explorer is prone to multiple unspecified remote code-execution vulnerabilities.
Successful exploits will allow an attacker to run arbitrary code in the context of the user running the application. Failed attacks may cause denial-of-service conditions.
The vulnerabilities affect Internet Explorer 8; other versions may be vulnerable as well.
This BID is being retired. The issues are better discussed in the following records:
40417 Microsoft Internet Explorer 'CStyleSheet' Uninitialized Memory Remote Code Execution Vulnerability
45698 Microsoft Data Access Components ActiveX Data Objects Memory Corruption Vulnerability
Microsoft Internet Explorer is prone to multiple unspecified remote code-execution vulnerabilities.
Successful exploits will allow an attacker to run arbitrary code in the context of the user running the application. Failed attacks may cause denial-of-service conditions.
The vulnerabilities affect Internet Explorer 8; other versions may be vulnerable as well.
This BID is being retired. The issues are better discussed in the following records:
40417 Microsoft Internet Explorer 'CStyleSheet' Uninitialized Memory Remote Code Execution Vulnerability
45698 Microsoft Data Access Components ActiveX Data Objects Memory Corruption Vulnerability
Exploit / POC
RETIRED: Microsoft Internet Explorer Unspecified Remote Code Execution Vulnerabilities
The researcher responsible for discovering these issues has developed exploit code to trigger the vulnerabilities. This exploit code is not known to be publicly available.
The researcher responsible for discovering these issues has developed exploit code to trigger the vulnerabilities. This exploit code is not known to be publicly available.
Solution / Fix
RETIRED: Microsoft Internet Explorer Unspecified Remote Code Execution Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
RETIRED: Microsoft Internet Explorer Unspecified Remote Code Execution Vulnerabilities
References:
References:
- Apple iPhone, Microsoft IE 8 get hacked in Pwn2Own contest (TechTarget)
- iPhone, Safari, IE 8, Firefox hacked in CanSecWest contest (cnet)
- Microsoft Internet Explorer Homepage (Microsoft)
- Pwn2Own 2010 (TippingPoint)
- Pwn2Own 2010 Windows 7 Internet Explorer 8 exploit (Peter Vreugdenhil)