|
|
|
|
| |
Credit:
The information has been provided by zdi-disclosures@tippingpoint.com.
The original article can be found at: http://www.zerodayinitiative.com/advisories/ZDI-09-062
|
| |
Vulnerable Systems:
* Microsoft Internet Explorer
The specific flaw exists when parsing the jscript keyword "arguments". Because the arguments object is not available until a certain time, invoking it can result in memory corruption. Successful exploitation of this vulnerability can lead to a remote system compromise under the credentials of the current user.
Patch Availability:
Microsoft has issued an update to correct this vulnerability. More details can be found at:
http://www.microsoft.com/technet/security/bulletin/ms09-045.mspx
CVE Information:
CVE-2009-1920
Disclosure Timeline:
2009-04-28 - Vulnerability reported to vendor
2009-09-08 - Coordinated public release of advisory
-------------------------------------------------------------------------------------------------------------------------------
Insider's report: What is behind malware growth and how this knowledge will help you avoid the threat.
-
|
|
|
|
|
