MS-ISAC ADVISORY NUMBER:
2008-005

DATE(S) ISSUED:
2/12/2008

SUBJECT:
Multiple Vulnerabilities in Internet Explorer Could Allow Remote Code Execution

OVERVIEW:
Four vulnerabilities have been discovered in Microsoft Internet Explorer that could allow an attacker to take complete control of an affected system. These vulnerabilities can be exploited if a user visits a specially crafted web page. Successful exploitation will result in an attacker gaining the same user privileges as the logged-on user. If the user is logged in with administrator privileges, the attacker could then install programs, view, change, or delete data, or create new accounts with full privileges. Failed exploit attempts will result in a denial-of-service condition.

SYSTEMS AFFECTED:

  • Microsoft Internet Explorer 5.01 for Windows
  • Microsoft Internet Explorer 6 for Windows
  • Microsoft Internet Explorer 7 for Windows

RISK:
Government:
Large and medium government entities: High
Small government entities: High

Businesses:
Large and medium business entities: High
Small business entities: High

Home users: High

DESCRIPTION:
Four vulnerabilities have been discovered in Microsoft Internet Explorer that could allow an attacker to take complete control of an affected system. Details of these vulnerabilities are as follows:

Microsoft Internet Explorer HTML Rendering Remote Vulnerability
An HTML rendering vulnerability has been discovered which allows an attacker to execute arbitrary code on affected systems. This vulnerability is the result of how Internet Explorer handles specific combinations of HTML layout tags.

Microsoft Internet Explorer Property Method Remote Memory Corruption Vulnerability
A memory corruption vulnerability has been found in the way Internet Explorer handles a script that calls a property method, which results in corruption of system memory in such a way that an attacker could execute arbitrary code.

Microsoft Internet Explorer Argument Handling Remote Memory Corruption Vulnerability
Another memory corruption vulnerability has been found that resides in the ‘dxtmsft.dll’ library, which is used by DirectX media. The exploitation of this vulnerability results in corruption of system memory in such a way that an attacker could execute arbitrary code.

Microsoft Visual FoxPro FPOLE.OCX ActiveX Control Buffer Overflow Vulnerability
A buffer overflow vulnerability has been discovered which allows an attacker to execute arbitrary code on affected systems. This vulnerability resides in a component of FoxPro, but vulnerable ActiveX components can be accessed through Internet Explorer.

All of these vulnerabilities can be exploited by an attacker if a user visits a specially crafted malicious web site. Successful exploitation could allow an attacker to execute arbitrary code on the system. If the user is logged in with administrator privileges, the attacker could then install programs, view, change, or delete data, or create new accounts with full privileges.

RECOMMENDATIONS:
We recommend that the following actions be taken:

  • Apply appropriate patches provided by Microsoft to vulnerable systems immediately after appropriate testing. http://www.microsoft.com/technet/security/bulletin/MS08-010.mspx
  • Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
  • Do not visit unknown or untrusted Web sites or click on links provided in an email.

REFERENCES:
Microsoft:
http://www.microsoft.com/technet/security/bulletin/MS08-010.mspx

SecurityFocus:
http://www.securityfocus.com/bid/27668

CVE:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0077
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0078
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0079
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4790


This cyber advisory was issued by the Multi-State Information Sharing and Analysis Center (MS-ISAC) and was intended for government entities. The information may or may not be applicable to the general public and accordingly, the MS-ISAC does not warrant its use for any specific purposes.