|
|
| |
Credit:
The information has been provided by wushi & ling of team509.
The original article can be found at: http://www.zerodayinitiative.com/advisories/ZDI-09-047
|
| |
Vulnerable Systems:
* Microsoft Internet Explorer
The specific flaw exists in the appending of elements to an invalid object. When appending malformed elements to a empty DIV element memory corruption can occur. A properly constructed web page can result in remote code execution under the context of the current user.
Patch Availability:
Microsoft has issued an update to correct this vulnerability. More details can be found at:
http://www.microsoft.com/technet/security/Bulletin/MS09-034.mspx
CVE Information:
CVE-2009-1918
Disclosure Timeline:
2009-04-28 - Vulnerability reported to vendor
2009-08-05 - Coordinated public release of advisory
----------------------------------------------------------------------------
Evaluate your site's resistance to the installation of malicious code. Have it
scanned for vulnerabilities.
|
|
|
