Microsoft Internet Explorer CTimeAction Object Memory Corruption Remote Code Execution Vulnerability
BID:39030
Info
| Bugtraq ID: | 39030 |
| Class: | Unknown |
| CVE: | CVE-2010-0492 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 30 2010 12:00AM |
| Updated: | Apr 13 2010 06:22PM |
| Credit: | Simon Zuckerbraun working with TippingPoint's Zero Day Initiative |
| Vulnerable: | Microsoft Internet Explorer 8; Avaya Messaging Application Server MM 3.1; Avaya Messaging Application Server MM 3.0; Avaya Messaging Application Server MM 2.0; Avaya Messaging Application Server MM 1.1; Avaya Messaging Application Server 5; Avaya Messaging Application Server 4; Avaya Messaging Application Server 0; Avaya Meeting Exchange - Webportal 6.0; Avaya Meeting Exchange - Web Conferencing Server 0; Avaya Meeting Exchange - Streaming Server 0; Avaya Meeting Exchange - Recording Server 0; Avaya Meeting Exchange - Client Registration Server 0 |
| Not Vulnerable: | |
Discussion
Microsoft Internet Explorer is prone to a remote code-execution vulnerability.
Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Failed attacks may cause denial-of-service conditions.
Exploit / POC
A working commercial exploit is available through VUPEN Security - Exploit and PoCs Service. This exploit is not otherwise publicly available or known to be circulating in the wild.
Solution / Fix
Solution:
The vendor has released an advisory and fixes to address this issue. Please see the references for details.
Microsoft Internet Explorer 8
- Microsoft Cumulative Security Update for Internet Explorer 8 for Windows Server 2003 (KB980182)
  http://www.microsoft.com/downloads/details.aspx?familyid=53fc3285-63c4-487f-ad9a-7e1673aeffc7
- Microsoft Cumulative Security Update for Internet Explorer 8 for Windows Server 2003 x64 Edition (KB980182)
  http://www.microsoft.com/downloads/details.aspx?familyid=5201a0c5-8162-4809-b9d1-0e972b0f0066
- Microsoft Cumulative Security Update for Internet Explorer 8 for Windows XP (KB980182)
  http://www.microsoft.com/downloads/details.aspx?familyid=46172617-293a-44c7-95b6-18202ab06a41
- Microsoft Cumulative Security Update for Internet Explorer 8 for Windows XP x64 Edition (KB980182)
  http://www.microsoft.com/downloads/details.aspx?familyid=284d70ea-24a3-4e67-a2a8-e9f272f728db
- Microsoft Cumulative Security Update for Internet Explorer 8 in Windows 7 (KB980182)
  http://www.microsoft.com/downloads/details.aspx?familyid=c0145563-428e-47b6-b245-b59dce88ac0e
- Microsoft Cumulative Security Update for Internet Explorer 8 in Windows 7 x64 Edition (KB980182)
  http://www.microsoft.com/downloads/details.aspx?familyid=6172dbec-6bfc-40bd-a0d4-67c39fb41b87
- Microsoft Cumulative Security Update for Internet Explorer 8 in Windows Server 2008 (KB980182)
  http://www.microsoft.com/downloads/details.aspx?familyid=c69a6dfe-66b1-4426-96a5-d64000296e76
- Microsoft Cumulative Security Update for Internet Explorer 8 in Windows Server 2008 R2 for Itanium-based Syste
  http://www.microsoft.com/downloads/details.aspx?familyid=82fa6f47-002f-4943-888c-2e852675e76e
- Microsoft Cumulative Security Update for Internet Explorer 8 in Windows Server 2008 R2 x64 Edition (KB980182)
  http://www.microsoft.com/downloads/details.aspx?familyid=8b7c664b-8612-458f-bd0a-cf28b67f8374
- Microsoft Cumulative Security Update for Internet Explorer 8 in Windows Server 2008 x64 Edition (KB980182)
  http://www.microsoft.com/downloads/details.aspx?familyid=e16c10d2-896d-48f3-bc76-5fa70881396a
- Microsoft Cumulative Security Update for Internet Explorer 8 in Windows Vista (KB980182)
  http://www.microsoft.com/downloads/details.aspx?familyid=c9584689-5196-4840-927c-23c8038f3382
- Microsoft Cumulative Security Update for Internet Explorer 8 in Windows Vista x64 Edition (KB980182)
  http://www.microsoft.com/downloads/details.aspx?familyid=50809cc3-6baa-41b4-ba0a-596a1dd846ed
References
References:
- Microsoft Internet Explorer Homepage (Microsoft)
- Microsoft Security Bulletin Advance Notification for March 2010 (Microsoft)
- Microsoft Security Bulletin MS10-018 (Microsoft)
- MS10-018 Cumulative Security Update for Internet Explorer (980182) (Avaya)
- ZDI-10-033: Microsoft Internet Explorer TIME2 Behavior Remote Code Execution Vul (Zero Day Initiative)