MS-ISAC ADVISORY NUMBER:
2008-013

DATE(S) ISSUED:
4/8/2008

SUBJECT:
Cumulative Internet Explorer Update Addresses Critical Data Stream Handling Vulnerability

OVERVIEW:

A vulnerability in Microsoft Internet Explorer could allow an attacker to take complete control of an affected system. The vulnerability may be exploited if a user visits a specially crafted web page or receives an email with specially crafted content. Successful exploitation will result in an attacker gaining the same user privileges as the logged-on user. If the user is logged in with administrator privileges, the attacker could then install programs, view, change, or delete data, or create new accounts with full privileges. Failed exploit attempts will result in a denial-of-service condition.

SYSTEMS AFFECTED:

  • Microsoft Internet Explorer 5.01
  • Microsoft Internet Explorer 6
  • Microsoft Internet Explorer 7

RISK:
Government:
Large and medium government entities: High
Small government entities: High

Businesses:
Large and medium business entities: High
Small business entities: High

Home users: High

DESCRIPTION:
A data stream handling vulnerability has been found in Microsoft Internet Explorer that could allow an attacker to execute arbitrary code on affected systems. The vulnerability is the result of how Internet Explorer handles specially crafted data streams. A successful exploit results in a memory corruption condition that allows an attacker to execute arbitrary malicious code.

This vulnerability can be exploited if a user visits a specially crafted web page, visits a web site that accepts or hosts user-provided content or advertisements, or receives a specially crafted HTML e-mail.

Successful exploitation could allow an attacker to execute arbitrary code on the system. If the user is logged in with administrator privileges, the attacker could then install programs, view, change, or delete data, or create new accounts with full privileges.

RECOMMENDATIONS:
We recommend that the following actions be taken:

  • Apply appropriate patches provided by Microsoft to vulnerable systems immediately after appropriate testing.
  • Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
  • Do not visit unknown or untrusted Web sites or click on links provided in an email.
  • Read all e-mail messages in plain text.

REFERENCES:
Microsoft:
http://www.microsoft.com/technet/security/Bulletin/MS08-024.mspx

SecurityFocus:
http://www.securityfocus.com/bid/28552

CVE:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1085


This cyber advisory was issued by the Multi-State Information Sharing and Analysis Center (MS-ISAC) and was intended for government entities. The information may or may not be applicable to the general public and accordingly, the MS-ISAC does not warrant its use for any specific purposes.