9.3 - VU#228569

Executive Summary

Summary
Title	Microsoft Internet Explorer property memory corruption vulnerability

Informations
Name	VU#228569	First vendor Publication	2008-02-13
Vendor	VU-CERT	Last vendor Modification	2008-02-13
Severity (Vendor)	N/A	Revision	M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score	9.3	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Vulnerability Note VU#228569

Microsoft Internet Explorer property memory corruption vulnerability

Overview

A vulnerability in the way Microsoft Internet Explorer handles malformed property objects may may lead to execution of arbitrary code.

I. Description

Microsoft Internet Explorer contatins a vulnerabilty that could be exploited when Internet Explorer attempts to interpret Web pages that contain malformed property objects. According to Microsoft Security Bulletin MS08-010:

When Internet Explorer calls the property method it may corrupt memory in such a way that an attacker could execute arbitrary code.

Note that this issue affects Internet Explorer versions 6 and 7.

II. Impact

A remote, unauthenticated attacker may be able to execute arbitrary code with the privileges of the user who is running the vulnerable application or cause a denial-of-service condition.

III. Solution

Update

Microsoft has released an update to address this issue. See Microsoft Security Bulletin MS08-010 for more details.

Disable scripting

Disable scripting as specified in the Securing Your Web Browser document and the Malicious Web Scripts FAQ.

Do not follow unsolicited links

In order to convince users to visit their sites, attackers often use URL encoding, IP address variations, long URLs, intentional misspellings, and other techniques to create misleading links. Do not click on unsolicited links received in email, instant messages, web forums, or internet relay chat (IRC) channels. Type URLs directly into the browser to avoid these misleading links. While these are generally good security practices, following these behaviors will not prevent exploitation of this vulnerability in all cases, particularly if a trusted site has been compromised or allows cross-site scripting.

Systems Affected

Vendor	Status	Date Updated
Microsoft Corporation	Vulnerable	13-Feb-2008

References

http://www.microsoft.com/technet/security/bulletin/ms08-010.mspx
http://secunia.com/advisories/28903/
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=661

Credit

This vulnerability was reported in Microsoft Security Bulletin MS08-010. Microsoft credits an anonymous researcher working with TippingPoint and the Zero Day Initiative for reporting this issue.

This document was written by Chris Taschner.

Other Information

Date Public	02/12/2008
Date First Published	02/13/2008 03:09:47 PM
Date Last Updated	02/13/2008
CERT Advisory
CVE Name	CVE-2008-0077
US-CERT Technical Alerts
Metric	15.53
Document Revision	11

Original Source

Url : http://www.kb.cert.org/vuls/id/228569

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-416	Use After Free

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:5396

Oval ID:	oval:org.mitre.oval:def:5396
Title:	Property Memory Corruption Vulnerability
Description:	Use-after-free vulnerability in Microsoft Internet Explorer 6 SP1, 6 SP2, and and 7 allows remote attackers to execute arbitrary code by assigning malformed values to certain properties, as demonstrated using the by property of an animateMotion SVG element, aka "Property Memory Corruption Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2008-0077	Version:	11
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista	Product(s):	Microsoft Internet Explorer
Definition Synopsis:
IE 6 on Win 2k Microsoft Windows 2000 is installed AND Internet Explorer 6 Service Pack 1 is installed AND the version of mshtml.dll is less than 6.0.2800.1607 OR IE 6 on Win XP Microsoft Windows XP (32-bit) is installed AND Microsoft Internet Explorer 6 is installed AND the version of mshtml.dll is less than 6.0.2900.3268 OR IE 6 on Win 2003 or Win XP X64 Microsoft Internet Explorer 6 is installed AND the version of mshtml.dll is less than 6.0.3790.3064 AND Win XP X64/ Win 2K3 Microsoft Windows Server 2003 (32-bit) is installed AND Microsoft Windows Server 2003 (x64) is installed AND Microsoft Windows Server 2003 for Itanium is installed AND Microsoft Windows XP x64 is installed OR IE 6 on Win 2003 / Win XP X64 Microsoft Internet Explorer 6 is installed AND the version of mshtml.dll is less than 6.0.3790.4210 AND Win XP X64 / Win 2K3 Microsoft Windows Server 2003 (32-bit) is installed AND Microsoft Windows Server 2003 (x64) is installed AND Microsoft Windows Server 2003 for Itanium is installed AND Microsoft Windows XP x64 is installed OR IE 7 on Win 2003 platforms Microsoft Internet Explorer 7 is installed AND Win XP / Win 2K3 and IE 7 Microsoft Windows XP is installed AND Microsoft Windows Server 2003 (32-bit) is installed AND Microsoft Windows Server 2003 (x64) is installed AND Microsoft Windows Server 2003 for Itanium is installed AND Check for LDR / GDR the version of mshtml.dll is less than 7.0.6000.16608 OR Check for LDR Check if the version of mshtml.dll is less than 7.0.6000.20733 AND Mshtml.dll version is greater than 7.0.6000.20000 OR IE 7 on Win Vista platforms Microsoft Internet Explorer 7 is installed AND Windows Vista 32/ 64 bit Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND Check for LDR / GDR the version of mshtml.dll is less than 7.0.6000.16609 OR Check for LDR Check if the version of mshtml.dll is less than 7.0.6000.20734 AND Mshtml.dll version is greater than 7.0.6000.20000

CPE : Common Platform Enumeration

Type	Description	Count
Application	Microsoft Internet Explorer cpe:2.3:a:microsoft:internet_explorer:7:::::::* cpe:2.3:a:microsoft:internet_explorer:6:sp1:::::: cpe:2.3:a:microsoft:internet_explorer:6:::::::*	3

Open Source Vulnerability Database (OSVDB)

Id	Description
41466	Microsoft IE animateMotion.by SVG Element by Property Memory Corruption

Snort® IPS/IDS

Date	Description
2014-01-10	Microsoft Internet Explorer HTML+TIME animatemotion property memory corruptio... RuleID : 16382 - Revision : 11 - Type : BROWSER-IE

Nessus® Vulnerability Scanner

Date	Description
2008-02-12	Name : Arbitrary code can be executed on the remote host through the web client. File : smb_nt_ms08-010.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2013-05-11 00:56:56	Multiple Updates

Global Informations

Type	Count
CWE ID(s)	1
Oval ID(s)	1
CPE ID(s)	3
osvdb(s)	1
Snort® Rule(s)	1
Nessus® Exploit(s)	1

	Related
9.3	MS08-013
9.3	MS08-010
9.3	MS07-060
9.3	MS07-036
8.8	CVE-2008-0077
5.1	MS06-047
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 6 more Alert(s)