Internet Explorer CSS Import Rule Processing Use-After-Free Vulnerability Date: Monday, December 20, 2010 @ 20:40:25 CST Topic: Security SECUNIA ADVISORY ID: SA42510 VERIFY ADVISORY: Secunia.com: http://secunia.com/advisories/42510/ CRITICALITY: Highly Critical RELEASE DATE: 2010-12-21 DESCRIPTION: A vulnerability has been discovered in Internet Explorer, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a use-after-free error when processing Cascading Style Sheets (CSS) and can be exploited to dereference freed memory via e.g. a specially crafted CSS file containing multiple import rules. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in Internet Explorer 7 and 8 on a fully patched Windows XP SP3 system. SOLUTION: Do not browse untrusted websites. PROVIDED AND/OR DISCOVERED BY: sec yun ORIGINAL ADVISORY: http://www.wooyun.org/bugs/wooyun-2010-0885 This article comes from Ravens PHP Scripts https://www.ravenphpscripts.com The URL for this story is: https://www.ravenphpscripts.com/modules.php?name=News&file=article&sid=3872