|
|
|
|
| |
Credit:
The information has been provided by Peter Vreugdenhil .
The original article can be found at: http://www.zerodayinitiative.com/advisories/ZDI-10-289/
|
| |
Vulnerable Systems:
* Microsoft Internet Explorer
The specific flaw exists within usage of a particular element that's part of the Timed Interactive Multimedia Extensions component of the browser. By removing an element referenced by a tag used for implementing an animation, the application can be made to access an element that has been previously freed. Successful exploitation can lead to code execution under the context of the application.
Patch Availability:
Microsoft has issued an update to correct this vulnerability. More details can be found at
http://www.microsoft.com/technet/security/bulletin/MS10-090.mspx
CVE Information:
CVE-2010-3346
Disclosure Timeline:
2010-06-17 - Vulnerability reported to vendor
2010-12-14 - Coordinated public release of advisory
|
|
|
|
|
