|
|
|
|
| |
Credit:
The information has been provided by Aniway.
The original article can be found at: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=886
|
| |
Vulnerable Systems:
* Microsoft Internet Explorer 6
* Microsoft Internet Explorer 7
* Microsoft Internet Explorer 8
During the instantiation of multiple ActiveX Controls, a particular object is created along with multiple references that point to the object. The object can be destroyed and its associated references removed. However, a reference can incorrectly remain pointing to the object. The invalid object resides in uninitialized memory, which the attacker may control to gain arbitrary execution control.
Exploitation of this vulnerability results in the execution of arbitrary code with the privileges of the user viewing the web page. To exploit this vulnerability, a targeted user must load a malicious webpage created by an attacker. An attacker typically accomplishes this via social engineering or injecting content into a compromised, trusted site.
CVE Information:
CVE-2010-3340
Disclosure Timeline:
03/24/2010 Initial Vendor Notification
03/24/2010 Initial Vendor Reply
12/14/2010 Coordinated Public Disclosure
|
|
|
|
|
