|
| |
|
Security Intelligence Operations
Microsoft Internet Explorer HTML Object Processing Memory Corruption Vulnerability |
| |
| Vulnerability Alert | Powered by  |
|
|
| Threat Type: | Unintended Weakness: Arbitrary Code Execution |
|
| IntelliShield ID: | 16826 |
| Version: | 1 |
| First Published: | October 14, 2008 02:50 PM EDT |
| Last Published: | October 14, 2008 02:50 PM EDT |
| Vector: | Network |
| Authentication: | None |
| Exploit: | Unproven |
| Port: |
Not Available
|
| CVE: | CVE-2008-3476 |
| BugTraq ID: | 31618 |
| |
| Urgency: |
Unlikely Use
|  |
| Credibility: |
Confirmed
|  |
| Severity: |
Moderate Damage
|  |
| CVSS Base: | 9.3 |
CVSS Calculator
CVSS Version 2
|
| CVSS Temporal: | 6.9 |
|
|
| |
| Version Summary: | Microsoft Internet Explorer contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the user. Updates are available. |
| |
| |
| Description |
|
Microsoft Internet Explorer contains a vulnerability that could allow an unauthenticated, remote attacker to cause a crash of the affected browser or execute arbitrary code.
This vulnerability exists due to insufficient processing of HTML elements. An unauthenticated, remote attacker could exploit this vulnerability by convincing a user to view a malicious website. If successful, the attacker could cause Internet Explorer to terminate or execute arbitrary code with the privileges of the user.
Microsoft has confirmed this vulnerability in a security bulletin and released software updates. |
| |
| Warning Indicators |
|
Microsoft Internet Explorer versions 5.01 SP4 and prior and Internet Explorer 6.0 SP1 and prior are vulnerable on the following operating systems:
- Windows 2000 SP4 and prior
- Windows XP SP3 and prior
- Windows XP Professional x64 Edition SP2 and prior
- Windows Server 2003 SP2 and prior
- Windows Server 2003 for Itanium-based Systems SP2 and prior
- Windows Server 2003 x64 Edition SP2 and prior
|
| |
| IntelliShield Analysis |
|
To exploit this vulnerability, an attacker must convince a user to open malicious HTML content in an affected browser application. This action likely requires user interaction. However, the attacker may be able to exploit the vulnerability without direct user interaction by injecting malicious HTML content within public, third-party sites. The attacker may also attempt to direct users to malicious sites by convincing them to follow a provided link.
If an exploit is successful, the attacker could execute arbitrary code with the privileges of the user. If that user holds Administrator privileges, the attacker could execute code resulting in a complete system compromise. Systems that restrict user privileges may be less at risk in the event of an exploit because any code execution would run with limited privileges.
The Cisco Applied Intelligence team has created an Applied Mitigation Bulletin to address vulnerabilities that Microsoft disclosed in the October 2008 security bulletin release. This Cisco bulletin, which assists administrators in identifying or mitigating these vulnerabilities using Cisco devices, is available at the following link: Cisco Applied Mitigation Bulletin: Microsoft Security Bulletin Release for October 2008
Microsoft has corrected the vulnerability by modifying the way HTML elements are processed within Internet Explorer. |
| |
| Vendor Announcements |
|
Microsoft has released a security bulletin at the following link: MS08-058 |
|
| |
| Impact |
|
An unauthenticated, remote attacker could exploit this vulnerability to execute arbitrary code with the privileges of the user. If the user holds Administrator privileges, an exploit may result in a complete system compromise. |
| |
| Technical Information |
|
This vulnerability exists due to insufficient processing of HTML elements. Internet Explorer may perform improper memory operations as the result of processing malformed HTML objects, resulting in memory corruption. An unauthenticated, remote attacker could exploit this vulnerability by convincing a user to visit a malicious website. The attacker could leverage the resulting memory corruption to execute arbitrary code with the privileges of the user. |
| |
| Safeguards |
|
Administrators are advised to apply the appropriate updates.
Users are advised not to open e-mail from untrusted sources.
Users are advised not to follow unsolicited links. Users should verify the authenticity of an unexpected link from a trusted source prior to following it.
Users are advised to run applications with the least privileges necessary. |
| |
| Patches/Software |
|
Microsoft has released updated software at the following links:
|
|
| Signatures |
| |
|
|
| |
| Alert History |
| |
Initial Release |
|
Product Sets |
| |
The security vulnerability applies to the following combinations of products.
|
|
LEGAL DISCLAIMER
The urgency and severity ratings of this alert are not tailored to individual users; users may value alerts differently based upon their network configurations and circumstances. THE ALERT, AND INFORMATION CONTAINED THEREIN, ARE PROVIDED ON AN "AS IS" BASIS AND DO NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE ALERT, AND INFORMATION CONTAINED THEREIN, OR MATERIALS LINKED FROM THE ALERT, IS AT YOUR OWN RISK. INFORMATION IN THIS ALERT AND ANY RELATED COMMUNICATIONS IS BASED ON OUR KNOWLEDGE AT THE TIME OF PUBLICATION AND IS SUBJECT TO CHANGE WITHOUT NOTICE. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE ALERTS AT ANY TIME. |
|
|
| |
