|
| |
|
Security Intelligence Operations
Microsoft Internet Explorer Cascading Style Sheet String Parsing Memory Corruption Vulnerability |
| |
| Vulnerability Alert | Powered by  |
|
|
| Threat Type: | Unintended Weakness: Arbitrary Code Execution |
|
| IntelliShield ID: | 13940 |
| Version: | 2 |
| First Published: | August 14, 2007 02:35 PM EDT |
| Last Published: | August 23, 2007 07:04 AM EDT |
| Vector: | Network |
| Authentication: | None |
| Exploit: | Unproven |
| Port: |
Not Available
|
| CVE: | CVE-2007-0943 |
| BugTraq ID: | 25288 |
| |
| Urgency: |
Unlikely Use
|  |
| Credibility: |
Confirmed
|  |
| Severity: |
Moderate Damage
|  |
| CVSS Base: | 9.3 |
CVSS Calculator
CVSS Version 2
|
| CVSS Temporal: | 6.9 |
|
|
| |
| Version Summary: | Avaya has released a security advisory to address the Microsoft Internet Explorer Cascading Style Sheets string parsing memory corruption vulnerability. |
| |
| |
| Description |
|
Microsoft Internet Explorer versions 5.01 SP4 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause an affected application to terminate or execute arbitrary code.
This vulnerability exists due to improper parsing of malformed Cascading Style Sheet (CSS) strings. An unauthenticated, remote attacker could exploit this vulnerability by convincing a user to visit a malicious website that may corrupt system memory. This memory corruption could allow the attacker to cause Internet Explorer to close or execute arbitrary code with the privileges of the user who launched the affected application.
Microsoft has confirmed this vulnerability in a security bulletin and released software updates to correct it. |
| |
| Warning Indicators |
|
Microsoft Internet Explorer versions 5.01 SP4 and prior are vulnerable when running on Microsoft Windows 2000 SP4 or prior. |
| |
| IntelliShield Analysis |
|
Attackers cannot directly exploit this vulnerability, and instead depend on user interaction. To exploit this vulnerability, an attacker must convince a user to visit a malicious website. As a result, the attacker could cause the affected application to close or execute arbitrary code with the privileges of the user. On systems that grant users Administrator privileges, the attacker could execute arbitrary code, resulting in the complete compromise of the affected system.
The update available from Microsoft corrects this vulnerability by adding checks to properly process CSS strings. |
| |
 Vendor Announcements |
|
Microsoft has released a security bulletin at the following link: MS07-045
Avaya has released a security update at the following link: ASA-2007-364 |
|
| |
| Impact |
|
An unauthenticated, remote attacker could exploit this vulnerability to cause Internet Explorer to terminate or execute arbitrary code with the privileges of the user. If the user holds Administrator privileges, the attacker could gain complete control over the affected system. |
| |
| Technical Information |
|
This vulnerability exists due to improper parsing of malformed CSS strings. When processed in Internet Explorer, a CSS string could trigger a memory corruption condition. An unauthenticated, remote attacker could exploit this vulnerability by convincing a user to visit a malicious website designed to trigger the memory corruption condition. An exploit could allow an attacker to crash Internet Explorer or execute arbitrary code with the privileges of the user who launched Internet Explorer. |
| |
| Safeguards |
|
Administrators are advised to apply the appropriate software updates.
Users are advised not to open e-mail messages from untrusted sources.
Users are advised to run applications with the lowest necessary privileges.
Users are advised not to follow unsolicited links. Users should verify the authenticity of an unexpected link from a trusted source prior to following it. |
| |
| Patches/Software |
|
Microsoft has released updated software at the following links:
|
|
| |
| Alert History |
| |
Version 1, August 14, 2007, 2:35 PM: Microsoft Internet Explorer contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the user. Updates are available. |
|
Product Sets |
| |
The security vulnerability applies to the following combinations of products.
|
|
LEGAL DISCLAIMER
The urgency and severity ratings of this alert are not tailored to individual users; users may value alerts differently based upon their network configurations and circumstances. THE ALERT, AND INFORMATION CONTAINED THEREIN, ARE PROVIDED ON AN "AS IS" BASIS AND DO NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE ALERT, AND INFORMATION CONTAINED THEREIN, OR MATERIALS LINKED FROM THE ALERT, IS AT YOUR OWN RISK. INFORMATION IN THIS ALERT AND ANY RELATED COMMUNICATIONS IS BASED ON OUR KNOWLEDGE AT THE TIME OF PUBLICATION AND IS SUBJECT TO CHANGE WITHOUT NOTICE. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE ALERTS AT ANY TIME. |
|
|
| |
