Credit:
The information has been provided by iDefense Labs Security Advisories.
The original article can be found at: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=631
Vulnerable Systems:
* Internet Explorer version 6.0
* Internet Explorer version 7.0
The vulnerability lies in the JavaScript setExpression method, which is implemented in mshtml.dll. When malformed parameters are supplied, memory can be corrupted in a way that results in Internet Explorer accessing a previously deleted object. By creating a specially crafted web page, it is possible for an attacker to control the contents of the memory pointed to by the released object. This allows an attacker to execute arbitrary code.
Analysis:
Exploitation of this vulnerability would allow an attacker to execute arbitrary code in the context of the user running Internet Explorer.
In order to exploit this vulnerability, an attacker must persuade a user to render a malicious web page using Internet Explorer. This is usually accomplished by providing a link to the malicious page in an e-mail or instant message.
On Windows Vista, Internet Explorer 7 runs in "Protected Mode". Since "Protected Mode" processes web pages with lower privileges than a normal user, it lessens the impact of this vulnerability. However, it does not prevent arbitrary code execution on the affected system.
Workaround:
Disable Active Scripting (JavaScript) to prevent exploitation of this issue. Applying this workaround will prevent proper rendering of web sites that rely on JavaScript.
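An added example, not part of the iDefense advisory: a PowerShell audit that reports whether the workaround above is in effect for each Internet Explorer security zone. It assumes PowerShell 3.0 or later and the standard zone layout in the registry, where URL action 1400 is Active Scripting (0 = enable, 1 = prompt, 3 = disable); the function name Get-ActiveScriptingState is hypothetical.

```powershell
# Audit the Active Scripting URL action (1400) for the IE security zones.
# DWORD meanings: 0 = Enable, 1 = Prompt, 3 = Disable.
$zones  = @{ 1 = 'Local intranet'; 2 = 'Trusted sites'; 3 = 'Internet'; 4 = 'Restricted sites' }
$states = @{ 0 = 'Enabled'; 1 = 'Prompt'; 3 = 'Disabled' }

# Policy hives first, then per-user and per-machine preferences.
$roots = @(
    'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones',
    'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
)

# Hypothetical helper: returns one object per (hive, zone) where 1400 is set.
function Get-ActiveScriptingState {
    foreach ($root in $roots) {
        foreach ($zone in ($zones.Keys | Sort-Object)) {
            $key  = Join-Path $root $zone
            $item = Get-ItemProperty -Path $key -Name '1400' -ErrorAction SilentlyContinue
            if ($null -eq $item) { continue }   # value not configured in this hive
            $raw = [int]$item.'1400'
            [pscustomobject]@{
                Location = $root
                Zone     = $zones[$zone]
                Value    = $raw
                State    = if ($states.ContainsKey($raw)) { $states[$raw] } else { 'Unknown' }
            }
        }
    }
}

$results = @(Get-ActiveScriptingState)
if ($results.Count -eq 0) {
    Write-Warning 'URL action 1400 is not set in any hive; zone defaults apply.'
} else {
    $results | Format-Table -AutoSize
}

# Flag untrusted zones where scripting is still enabled or set to prompt.
$exposed = $results | Where-Object {
    ('Internet', 'Restricted sites' -contains $_.Zone) -and $_.Value -ne 3
}
foreach ($e in $exposed) {
    Write-Warning ("Active Scripting is {0} for zone '{1}' in {2}" -f $e.State, $e.Zone, $e.Location)
}
```

A warning for the Internet or Restricted sites zone means the workaround is not applied in that hive; installing the MS07-069 update remains the actual fix.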
Vendor response:
Microsoft has addressed this vulnerability within Microsoft Security Bulletin MS07-069. For more information, consult their bulletin at the following URL: http://www.microsoft.com/technet/security/Bulletin/MS07-069.mspx
CVE Information:
CVE-2007-3902
Disclosure Timeline:
05/08/2007 - Initial vendor notification
05/08/2007 - Initial vendor response
12/11/2007 - Coordinated public disclosure