Internet Explorer Data Binding Memory Corruption Vulnerability

Report ID: SA33089
Source: Secunia
Date of Discovery: 10.12.2008
Criticality: Critical
Affects:
Microsoft Internet Explorer 5.01
Microsoft Internet Explorer 6.x
Microsoft Internet Explorer 7.x

Compromise From: From remote
Compromise Type: System access

Summary

A vulnerability has been discovered in Internet Explorer, which can be exploited by malicious people to compromise a user's system.

Detailed Description

The vulnerability is caused by a use-after-free error that occurs when composed HTML elements are bound to the same data source. A specially crafted HTML document can exploit this to make the browser dereference freed memory.
 
Successful exploitation allows execution of arbitrary code.
 
NOTE: Reportedly, the vulnerability is currently being actively exploited.
 
The vulnerability is confirmed in Internet Explorer 7 on a fully patched Windows XP SP3 and in Internet Explorer 6 on a fully patched Windows XP SP2, and reported in Internet Explorer 5.01 SP4. Other versions may also be affected.
 
Original Advisory:
KnownSec:
http://www.scanw.com/blog/archives/303



Solution

Apply patches.
 
Windows 2000 SP4 and Internet Explorer 5.01 SP4:
http://www.microsoft.com/downloads/details.aspx?familyid=d3e18732-47f1-40ce-999c-d1fd283bf138
 
Windows 2000 SP4 and Internet Explorer 6 SP1:
http://www.microsoft.com/downloads/details.aspx?familyid=124c14b6-9323-4f6f-902b-727aa56444bc
 
Windows XP SP2/SP3 and Internet Explorer 6:
http://www.microsoft.com/downloads/details.aspx?familyid=1d83e0af-46fa-4bfc-ba57-635435a7ef2d
 
Windows XP Professional x64 Edition (optionally with SP2) and Internet Explorer 6:
http://www.microsoft.com/downloads/details.aspx?familyid=a585cb73-2c1a-4fa8-862a-ad6aeaeaf2f8
 
Windows Server 2003 SP1/SP2 and Internet Explorer 6:
http://www.microsoft.com/downloads/details.aspx?familyid=d81e9cf9-ce0c-463a-a359-49a348cb89ae
 
Windows Server 2003 x64 Edition (optionally with SP2) and Internet Explorer 6:
http://www.microsoft.com/downloads/details.aspx?familyid=015df302-d79f-43a1-b5c5-32ac04de0510
 
Windows Server 2003 with SP1/SP2 for Itanium-based Systems and Internet Explorer 6:
http://www.microsoft.com/downloads/details.aspx?familyid=18016305-7f72-47f6-ab4c-94282289bf5f
 
Windows XP SP2/SP3 and Internet Explorer 7:
http://www.microsoft.com/downloads/details.aspx?familyid=0190a289-164e-41a7-8c01-fa1aaed3f531
 
Windows XP Professional x64 Edition (optionally with SP2) and Internet Explorer 7:
http://www.microsoft.com/downloads/details.aspx?familyid=9ba71e23-8cef-4399-b215-983b0dcf5cb5

Windows Server 2003 SP1/SP2 and Internet Explorer 7:
http://www.microsoft.com/downloads/details.aspx?familyid=388847ec-817e-45cf-8fa7-32c7e1f57f80
 
Windows Server 2003 x64 Edition (optionally with SP2) and Internet Explorer 7:
http://www.microsoft.com/downloads/details.aspx?familyid=2ae17caf-6204-470e-8480-380d3d505657
 
Windows Server 2003 with SP1/SP2 for Itanium-based Systems and Internet Explorer 7:
http://www.microsoft.com/downloads/details.aspx?familyid=97d6c093-f68d-4ddf-8e3c-f29662a1940f
 
Windows Vista (optionally with SP1) and Internet Explorer 7:
http://www.microsoft.com/downloads/details.aspx?familyid=7887111d-4fac-4823-bdd2-a18d9468fdf0
 
Windows Vista x64 Edition (optionally with SP1) and Internet Explorer 7:
http://www.microsoft.com/downloads/details.aspx?familyid=69979d92-8d45-47fe-ac4c-c2f1f23cf1fb
 
Windows Server 2008 for 32-bit Systems and Internet Explorer 7:
http://www.microsoft.com/downloads/details.aspx?familyid=5552e564-dd1c-4e2a-9a42-6317522c884d
 
Windows Server 2008 for x64-based Systems and Internet Explorer 7:
http://www.microsoft.com/downloads/details.aspx?familyid=889c6eb1-7d1f-4e60-b637-535cb6e4e443
 
Windows Server 2008 for Itanium-based Systems and Internet Explorer 7:
http://www.microsoft.com/downloads/details.aspx?familyid=06cb502a-6818-4599-aa24-6eddb83e4b84

Original Reference

CVE-2008-4844