Overview
» IDS/IPS Signatures
Security Sites
Products
White Papers
Data Sheets
Case Studies
Support Login
Locate a Partner
iPolicy Networks Security Advisory
 

Microsoft IE Multiple HTML Objects Memory Corruption Vulnerabilities
Date Discovered: 08/12/2008
Severity: High
Applications Affected: Microsoft Internet Explorer 5.01
Microsoft Internet Explorer 6 SP1
Microsoft Internet Explorer 6
Microsoft Internet Explorer 7
Synopsis
Microsoft Internet Exeplorer is prone to multiple HTML objects memory corruption Vulnerabilities. This vulnerability exists in Internet Explorer due to attempts to access uninitialized memory or an object that has not been correctly initialized or that has been deleted in certain situations.
Recommended Actions
Update the patches as guided by vendor at :
http://www.microsoft.com/technet/security/bulletin/ms08-045.mspx
Threat Analysis
When Internet Explorer attempts to access uninitialized memory in certain situations, it may corrupt memory in such a way that an attacker could execute arbitrary code.

An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user.An attacker could then install programs, view, change, delete data, or create new accounts with full user rights.
References

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2254
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2255
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2256
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2257
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2258
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2259

Write-up by: Aditya Chaturvedi
Security Sites
 
“iPolicy is one of the most visionary firewall vendors in the firewall Magic Quadrant. Its architecture of a central session processing engine and multiple content blades that are able to block based on signatures, rules and so on is the closest to the network security ideal.”
 
Greg Young, John Pescatore
Magic Quadrant for Network Firewalls, 2H04, Gartner
 

 
Home | About Us | Products | Technology | Solutions | Support | Partners | News & Events | Resources | Contact Us
Copyright ©2008 iPolicy Networks - Security Product Division of Tech Mahindra Limited | Privacy Policy | Site Map