Vulnerability In IE Lays Open Windows 7 and IE8

A French IT security firm is warning of a previously unknown (“zero day”) vulnerability that affects most versions of Microsoft’s Internet Explorer Web browser. The hole, if exploited, could allow remote attackers to circumvent defensive features in fully patched Windows 7 and Windows Vista and run malicious code on vulnerable systems.


The warning was first issued by Vupen Security on December 9. The company, based in Montpellier, France, said it had discovered a “use-after-free” error in the mshtml.dll library – IE’s HTML rendering engine – that could allow attackers to take complete control of a vulnerable system.

Use-after-free errors happen when a program continues using a pointer to an area of memory after that memory has been freed. In some cases the freed memory is re-allocated and filled with data an attacker controls, so the stale pointer now refers to content the attacker chose; that can corrupt valid data, cause further memory-safety failures such as buffer overflows, and ultimately result in malicious code being run on a vulnerable system, according to OWASP.
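The mechanism in the paragraph above, shown as an added, self-contained C illustration (this is not code from the article, from Vupen, or from the Metasploit module, and it is not the IE exploit). It uses a hypothetical toy allocator with a LIFO free list, which reproduces the one property that matters: the chunk just freed is handed back to the next same-size request. An object holding a function pointer is freed but still used; an attacker-influenced allocation of the same size then lands in the old chunk, and the dangling call jumps wherever the attacker wrote. The names `listener_t`, `toy_alloc`, `toy_free` and `attacker_chosen_target` are all assumed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CHUNK_SIZE 32
#define CHUNK_COUNT 8

/* Victim object: function pointer at offset 0, the layout of a C++ object
 * whose vtable pointer sits first (hypothetical name, for illustration). */
typedef struct {
    void (*on_event)(void);
    char label[CHUNK_SIZE - sizeof(void (*)(void))];
} listener_t;

/* One heap chunk; the union keeps alignment and aliasing well defined. */
typedef union {
    listener_t as_listener;
    uint8_t raw[CHUNK_SIZE];
} chunk_t;

_Static_assert(sizeof(listener_t) <= CHUNK_SIZE, "listener must fit a chunk");

/* Toy heap: fixed-size chunks and a LIFO free list. A stand-in for a real
 * allocator, not mshtml's heap; it models only "freed chunk is reused next". */
static chunk_t arena[CHUNK_COUNT];
static void *free_list[CHUNK_COUNT];
static int free_top = 0;     /* entries on the free list */
static int next_fresh = 0;   /* next never-used chunk */

static void *toy_alloc(void)
{
    if (free_top > 0)
        return free_list[--free_top];        /* recycle the last freed chunk */
    if (next_fresh < CHUNK_COUNT)
        return &arena[next_fresh++];
    return NULL;
}

static void toy_free(void *p)
{
    free_list[free_top++] = p;
}

static int hijacked = 0;

static void benign_handler(void) { /* normal behaviour */ }

/* Stands in for the attacker's chosen target. Without DEP this would be
 * injected shellcode; with DEP it must be existing code, which is why
 * an ASLR bypass is needed alongside the bug. */
static void attacker_chosen_target(void) { hijacked = 1; }

/* Vulnerable pattern: release the object, keep the pointer, use it again. */
int demo_use_after_free(void)
{
    hijacked = 0;
    listener_t *l = toy_alloc();
    l->on_event = benign_handler;
    strcpy(l->label, "stylesheet listener");
    l->on_event();                           /* legitimate call: fine */

    toy_free(l);                             /* object released ...        */
                                             /* ... but 'l' is kept (dangling) */

    /* Attacker-influenced allocation of the same size lands in the chunk
     * just freed; its first bytes are whatever the attacker supplies. */
    uint8_t *filler = toy_alloc();
    void (*target)(void) = attacker_chosen_target;
    memcpy(filler, &target, sizeof target);  /* overwrites on_event */

    l->on_event();                           /* dangling use: control hijacked */
    return hijacked;                         /* 1 */
}

/* Fixed pattern: clear the pointer at free time and check it before use,
 * so the later allocation can never be mistaken for a live listener. */
int demo_fixed(void)
{
    hijacked = 0;
    listener_t *l = toy_alloc();
    l->on_event = benign_handler;

    toy_free(l);
    l = NULL;

    uint8_t *filler = toy_alloc();
    void (*target)(void) = attacker_chosen_target;
    memcpy(filler, &target, sizeof target);

    if (l != NULL)
        l->on_event();                       /* never reached */
    return hijacked;                         /* 0 */
}

int main(void)
{
    printf("vulnerable: hijacked=%d\n", demo_use_after_free());
    printf("fixed:      hijacked=%d\n", demo_fixed());
    return 0;
}
```

The toy allocator makes the reuse deterministic; on a real heap the same outcome depends on allocator state, which is why exploits for bugs of this class spend effort shaping the heap before triggering the free.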

In this case, the flaw could be exploited when IE loaded specially formatted Cascading Style Sheets (CSS) files that included @import rules, which allow Web sites to incorporate style sheets from external sites.

According to a blog post from Offensive Security, exploits for the vulnerability can be used to run malicious code on most supported versions of Windows and Internet Explorer, including Microsoft’s latest release: Internet Explorer 8 running on fully patched versions of Windows 7. The exploit, when combined with other attack techniques, allows attackers to bypass two Windows security features, Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR), that are specifically designed to thwart malicious code. A sample exploit targeted at the vulnerability was added to the Metasploit framework on December 20.


Discussion

  • JL on

    < rant warning > < rant warning > < rant warning > < rant warning > < rant warning >
    Forgive me if I'm missing the point, I'm no native English speaker. But.

    In case there is a vulnerability disclosure we often read COULD but when it concerns protections like DEP and ASLR we rarely read it COULD protect against a threat.

    Whenever I read a post describing threats with "could" I become suspicious. Isn't this just a load of hype being delivered? What do you mean, COULD. Either it works and is a threat or it does not, or it does/does not in some scenarios.

    Attacks are organised events, not something like spontaneous combustion for which one has to wait for it to happen. So not could: it does or it does not within that specific scenario.

    Not like this "In this case, the flaw could be exploited when IE loaded specially formated Cascading Style Sheets (CSS) files that included @import rules, which allow Web sites to incorporate style sheets from external sites."

    Thank you for your time and consideration.

    http://www.englishpage.com/modals/could.html

    <rant ends ><rant ends ><rant ends ><rant ends ><rant ends ><rant ends ><rant ends >

  • Anonymous on

    Protected Mode in Internet Explorer on Windows Vista and later Windows operating systems helps to limit the impact of currently known exploits. An attacker who successfully exploits this vulnerability would have very limited rights on the system.

    An attacker who successfully exploits this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.
