Executive Summary
Summary | |
---|---|
Title | Microsoft Internet Explorer iepeers.dll use-after-free vulnerability |
Informations | |||
---|---|---|---|
Name | VU#744549 | First vendor Publication | 2010-03-09 |
Vendor | VU-CERT | Last vendor Modification | 2010-03-30 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Vulnerability Note VU#744549Microsoft Internet Explorer iepeers.dll use-after-free vulnerabilityOverviewMicrosoft Internet Explorer contains a use-after-free vulnerability in the iepeers.dll file, which may allow a remote, unauthenticated attacker to execute arbitrary code.I. DescriptionMicrosoft Internet Explorer provides support for Web Folders and printing through the use of the iepeers.dll component. According to Microsoft Security Advisory (981374), the iepeers.dll contains a vulnerability in the use of a pointer after an object is freed. Microsoft reports that the vulnerability, which affects Internet Explorer 6 and 7, has been reported publicly.Exploit code for this vulnerability is publicly available. This vulnerability is currently being exploited in the wild. This issue is addressed in Microsoft Security Bulletin MS10-018, which modifies the way Internet Explorer handles objects in memory.
References
Thanks to Microsoft for reporting this vulnerability. This document was written by Will Dormann.
|
Original Source
Url : http://www.kb.cert.org/vuls/id/744549 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-399 | Resource Management Errors |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:8446 | |||
Oval ID: | oval:org.mitre.oval:def:8446 | ||
Title: | Uninitialized Memory Corruption Vulnerability (CVE-2010-0806) | ||
Description: | Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010, aka "Uninitialized Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-0806 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
SAINT Exploits
Description | Link |
---|---|
Internet Explorer iepeers.dll use-after-free vulnerability | More info here |
ExploitDB Exploits
id | Description |
---|---|
2010-12-14 | Internet Explorer DHTML Behaviors Use After Free |
2010-03-10 | Microsoft Internet Explorer iepeers.dll Use-After-Free Exploit (meta) |
OpenVAS Exploits
Date | Description |
---|---|
2010-04-01 | Name : Microsoft Internet Explorer Multiple Vulnerabilities (980182) File : nvt/secpod_ms10-018.nasl |
2010-03-10 | Name : MS Internet Explorer Remote Code Execution Vulnerability (981374) File : nvt/gb_ms_ie_remote_code_exe_vuln_981374.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
62810 | Microsoft IE iepeers.dll Use-After-Free Arbitrary Code Execution Microsoft Windows Internet Explorer contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is triggered when an attacker utilizes a remote memory-corruption vulnerability in Internet Explorer by inserting malicious code into a site and when Internet Explorer attempts to parse the attack page, the remote attacker to gain privileges of the currently logged-in user viewing the malicious site. |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Microsoft Internet Explorer userdata behavior memory corruption attempt RuleID : 25986 - Revision : 7 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer userdata behavior memory corruption attempt RuleID : 25985 - Revision : 9 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer userdata behavior memory corruption attempt RuleID : 25984 - Revision : 9 - Type : BROWSER-IE |
2014-01-10 | Crimepack exploit kit malicious pdf request RuleID : 21099 - Revision : 5 - Type : EXPLOIT-KIT |
2014-01-10 | Crimepack exploit kit landing page RuleID : 21098 - Revision : 5 - Type : EXPLOIT-KIT |
2014-01-10 | Crimepack exploit kit post-exploit download request RuleID : 21097 - Revision : 4 - Type : EXPLOIT-KIT |
2014-01-10 | Crimepack exploit kit control panel access RuleID : 21096 - Revision : 6 - Type : EXPLOIT-KIT |
2014-01-10 | Eleanore exploit kit post-exploit page request RuleID : 21071 - Revision : 5 - Type : EXPLOIT-KIT |
2014-01-10 | Eleanore exploit kit pdf exploit page request RuleID : 21070 - Revision : 4 - Type : EXPLOIT-KIT |
2014-01-10 | Eleanore exploit kit exploit fetch request RuleID : 21069 - Revision : 4 - Type : EXPLOIT-KIT |
2014-01-10 | Eleanore exploit kit landing page RuleID : 21068 - Revision : 4 - Type : EXPLOIT-KIT |
2014-01-10 | Yang Pack yg.htm landing page RuleID : 21006 - Revision : 5 - Type : MALWARE-CNC |
2014-01-10 | Cute Pack cute-ie.html landing page RuleID : 21004 - Revision : 5 - Type : MALWARE-CNC |
2014-01-10 | Cute Pack cute-ie.html request RuleID : 21003 - Revision : 5 - Type : MALWARE-CNC |
2014-01-10 | Microsoft Internet Explorer invalid pointer memory corruption attempt RuleID : 18540 - Revision : 6 - Type : SPECIFIC-THREATS |
2014-01-10 | Microsoft Internet Explorer userdata behavior memory corruption attempt RuleID : 17689 - Revision : 12 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer userdata behavior memory corruption attempt RuleID : 17688 - Revision : 13 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer invalid pointer memory corruption attempt RuleID : 17687 - Revision : 12 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer invalid pointer memory corruption attempt RuleID : 17686 - Revision : 12 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer invalid pointer memory corruption attempt RuleID : 17685 - Revision : 12 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer userdata behavior memory corruption attempt RuleID : 16482 - Revision : 15 - Type : BROWSER-IE |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2010-03-30 | Name : Arbitrary code can be executed on the remote host through a web browser. File : smb_nt_ms10-018.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2015-04-10 13:28:16 |
|
2013-05-11 00:57:20 |
|