Security-Alerts mailing list archive (security-alerts@yandex-team.ru)
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[security-alerts] FW: [NT] Microsoft Internet Explorer SVG animateMotion.by Code Execution Vulnerability
> -----Original Message-----
> From: SecuriTeam [mailto:support@xxxxxxxxxxxxxx]
> Sent: Wednesday, February 13, 2008 10:59 AM
> To: html-list@xxxxxxxxxxxxxx
> Subject: [NT] Microsoft Internet Explorer SVG
> animateMotion.by Code Execution Vulnerability
>
> - - - - - - - - -
>
>
>
> Microsoft Internet Explorer SVG animateMotion.by Code
> Execution Vulnerability
>
>
>
> A vulnerability allows remote attackers to execute arbitrary
> code on vulnerable installations of Microsoft Internet
> Explorer. User interaction is required to exploit this
> vulnerability in that the target must visit a malicious page.
>
>
> The specific flaw exists in the handling of the "by" property
> of an animateMotion SVG element. By assigning other DOM
> elements to this property, a memory corruption occurs during
> the destruction of a Variant data type. The corruption causes
> an overwrite of a virtual function address allowing for the
> execution of arbitrary code.
>
> Vendor Response:
> Microsoft has issued an update to correct this vulnerability.
> More details can be found at:
> http://www.microsoft.com/technet/security/Bulletin/MS08-010.mspx
>
> Disclosure Timeline:
> 2007.09.17 - Vulnerability reported to vendor
> 2008.02.12 - Coordinated public release of advisory
>
> CVE Information:
> CVE-2008-0077
> <http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0077>
>
>
> Additional Information:
> The information has been provided by The Zero Day Initiative
> (ZDI) <mailto:zdi-disclosures@xxxxxxxx> .
> The original article can be found at:
> http://www.zerodayinitiative.com/advisories/ZDI-08-006.html
>
>
|