Internet Explorer CSS Import Rule Processing Use-After-Free Vulnerability

Posted on Monday, December 20, 2010 @ 21:40:25 PST in Security
by Raven

SECUNIA ADVISORY ID: SA42510

VERIFY ADVISORY: Secunia.com: http://secunia.com/advisories/42510/

CRITICALITY: Highly Critical

RELEASE DATE: 2010-12-21

DESCRIPTION: A vulnerability has been discovered in Internet Explorer, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a use-after-free error when processing Cascading Style Sheets (CSS) and can be exploited to dereference freed memory via e.g. a specially crafted CSS file containing multiple import rules. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in Internet Explorer 7 and 8 on a fully patched Windows XP SP3 system.

SOLUTION: Do not browse untrusted websites.

PROVIDED AND/OR DISCOVERED BY: sec yun

ORIGINAL ADVISORY: http://www.wooyun.org/bugs/wooyun-2010-0885
 
 
click Related        click Share
 
 
Associated Topics

Internet


Microsoft
 
News ©

Site Info v2.2.2

Last SeenLast Seen
Server TrafficServer Traffic
  • Total: 344,137,403
  • Today: 19,730
Server InfoServer Info
  • Dec 16, 2017
  • 10:55 am PST
 
 

Daily Inspiration