ID: 3909
Date: 24/11/2009
Title: 3909 - Vulnerability in Internet Explorer Could Allow Remote Code Execution
Platform level affected:Operating System
Hardware components affected:Intel PC
Specific operating systems components affected: 32-bit Windows
Other software: Web Browser
Remediation Summary:The manufacturer has reported a problem with this product but has yet to publish a solution. CPNI advise that additional care is exercised when using this product.
Vendors affected:Microsoft
Applications affected:Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4, and Internet Explorer 6 and Internet Explorer 7 on supported editions of Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008
Adversity source: Unknown
Attack Vector: Vulnerability exploitation
Virulence: Unknown
Warning Status: Unknown
Potential Damage: Remote execution/modification
Possible Duration: Unknown
Availability of fix: Future
Type of fix: Workaround
Source: Microsoft
Reliability of source: Trusted
Source URL: http://www.microsoft.com/technet/security/advisory/977981.mspx
Abstract: A vulnerability in Microsoft Internet Explorer versions 6 and 7 was published on the 20th of November.If successfully exploited, this vulnerability could allow arbitrary code execution or cause a denial of service (DoS) against the local machine. Microsoft Internet Explorer version 8 is not affected.
The vulnerability exists in the way that Internet Explorer uses cascading style sheets (CSS). An unhandled exception could allow an attacker to crash a vulnerable version of Internet Explorer or to execute arbitrary code. This attack requires JavaScript to be enabled and cannot be executed autonomously; a user must be enticed to visit a malicious web page in order to be affected.
CSIRTUK have received reports of a possible exploit of this vulnerability but is not currently aware of any attacks. We will continue to monitor the situation. For further information about the vulnerability and for mitigation advice see http://www.microsoft.com/technet/security/advisory/977981.mspx
This advisory contains information released by the original author. Some of the information may have changed since it was released. If the issue affects you, it may be prudent to retrieve the advisory from the site of the original source to ensure that you receive the most current information concerning that problem. Reference to any specific commercial product, process, or service by trade name, trademark manufacturer, or otherwise, does not constitute or imply its endorsement, recommendation, or favouring by CPNI.
The views and opinions of authors expressed within this notice shall not be used for advertising or product endorsement purposes. CPNI shall not accept responsibility for any errors or omissions contained within this advisory. In particular, they shall not be liable for any loss or damage whatsoever, arising from or in connection with the usage of information contained within this advisory.
CSIRTUK is a member of the Forum of Incident Response and Security Teams (FIRST) and has contacts with other international Incident Response Teams (IRTs) in order to foster cooperation and coordination in incident prevention, to prompt rapid reaction to incidents, and to promote information sharing amongst its members and the community at large.
Tue, 24 Nov 2009 00:00:00 GMT
Domain affected: Technical