Overview
Microsoft Internet Explorer (IE) does not safely reference CSS style elements. Using a specially crafted HTML page, an attacker can cause IE to crash and potentially execute arbitrary code.
Description
IE contains a vulnerability in the way it references CSS style elements. Processing a specially crafted HTML page could cause IE to access an invalid memory location and crash. Using heap-spraying techniques, an attacker could leverage the crash to execute arbitrary code. Please see Microsoft Security Advisory (977981). |
Impact
By convincing a user to view a specially crafted HTML document (e.g., a web page or an HTML email message), an attacker could execute arbitrary code with the privileges of the user. |
Solution
A complete solution is not available. |
Disable Active scripting |
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
- http://www.microsoft.com/technet/security/advisory/977981.mspx
- http://www.securityfocus.com/archive/1/507984/30/0/threaded
- http://www.symantec.com/connect/blogs/zero-day-internet-explorer-exploit-published
- http://www.computerworld.com/s/article/9141278/New_attack_fells_Internet_Explorer
- http://seclists.org/bugtraq/2009/Nov/148
- http://blogs.msdn.com/ie/archive/2008/04/08/ie8-security-part-I_3A00_-dep-nx-memory-protection.aspx
Acknowledgements
This vulnerability was publicly disclosed by info@securitylab.ir and/or K4mr4n_st@yahoo.com.
This document was written by Art Manion.
Other Information
| CVE IDs: | CVE-2009-3672 |
| Severity Metric: | 29.25 |
| Date Public: | 2009-11-20 |
| Date First Published: | 2009-11-25 |
| Date Last Updated: | 2009-11-27 19:09 UTC |
| Document Revision: | 17 |