Credit:
The information has been provided by Nicolas Joly.
The original article can be found at: http://seclists.org/bugtraq/2010/Dec/158
Vulnerable Systems:
* Internet Explorer 6 for Windows XP Service Pack 3
* Internet Explorer 6 for Windows XP Professional x64 Edition Service Pack 2
* Internet Explorer 6 for Windows Server 2003 Service Pack 2
* Internet Explorer 6 for Windows Server 2003 x64 Edition Service Pack 2
* Internet Explorer 6 for Windows Server 2003 SP2 (Itanium)
The vulnerability is a use-after-free error in the handling of certain animation behaviours. A remote attacker could exploit it to execute arbitrary code by tricking a user into visiting a malicious web page.
Patch Availability:
Apply MS10-090 security updates:
http://www.microsoft.com/technet/security/bulletin/ms10-090.mspx
CVE Information:
CVE-2010-3343
Disclosure Timeline:
2010-04-29 - Vendor notified
2010-04-29 - Vendor response
2010-12-01 - Status update received
2010-12-14 - Coordinated disclosure