62810 : Microsoft IE iepeers.dll Use-After-Free Arbitrary Code Execution
Printer | http://osvdb.org/62810 | Email This | Edit Vulnerability

Views This Week	Views All Time	Added to OSVDB	Last Modified	Modified (since 2008)	Percent Complete
27	6569	about 3 years ago	over 2 years ago	33 times	100%

Timeline

Disclosure Date
2010-03-09

Description

Microsoft Windows Internet Explorer contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is triggered when an attacker utilizes a remote memory-corruption vulnerability in Internet Explorer by inserting malicious code into a site and when Internet Explorer attempts to parse the attack page, the remote attacker to gain privileges of the currently logged-in user viewing the malicious site.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Patch / RCS
Exploit: Exploit Private, Exploit Commercial
Disclosure: Vendor Verified, Uncoordinated Disclosure, Discovered in the Wild
OSVDB: Web Related

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a critical patch (MS10-018) to address this vulnerability.

Products

Microsoft Corporation	Internet Explorer	7
		6

References

Exploit Database: 11683
CVE ID: 2010-0806 (see also: NVD)
Bugtraq ID: 38615
Secunia Advisory ID: 38860
SCIP VulDB ID: 4091
Metasploit ID: 62810
CERT VU: 744549
Microsoft Knowledge Base Article: 980182 981374
VUPEN Advisory: ADV-2010-0567
Vendor Specific News/Changelog Entry: http://blogs.technet.com/msrc/archive/2010/03/09/security-advisory-981374-released.aspx
http://www.microsoft.com/technet/security/advisory/981374.mspx
News Article: http://blogs.technet.com/msrc/archive/2010/03/29/internet-explorer-cumulative-update-releasing-out-of-band.aspx
http://news.cnet.com/8301-27080_3-20000392-245.html
http://threatpost.com/en_us/blogs/microsoft-warns-new-ie-zero-day-attacks-030910
http://www.avertlabs.com/research/blog/index.php/2010/03/30/microsoft-releases-out-of-cycle-bulletin-ms10-018/
http://www.computerworld.com/s/article/9168138/Microsoft_warns_of_new_IE_bug_attacks_under_way
http://www.computerworld.com/s/article/9168838/Hackers_exploit_latest_IE_zero_day_with_drive_by_attacks
http://www.computerworld.com/s/article/9174018/Security_companies_warn_of_uptick_in_new_IE_attack
http://www.darkreading.com/securityservices/security/app-security/showArticle.jhtml?articleID=224200808
http://www.krebsonsecurity.com/2010/03/microsoft-warns-of-internet-explorer-0day/
http://www.networkworld.com/news/2010/031110-ie-zero-day-exploit-code-goes.html
http://www.theregister.co.uk/2010/03/15/microsoft_ie_fixes/
http://www.theregister.co.uk/2010/03/29/ie_emergency_fix/
Generic Exploit URL: http://immunitysec.com
http://www.rec-sec.com/2010/03/10/internet-explorer-iepeers-use-after-free-exploit/
http://www.saintcorporation.com/cgi-bin/exploit_info/ie_iepeers_useafterfree
Generic Informational URL: http://vimeo.com/10087463
Other Advisory URL: http://www.microsoft.com/technet/security/advisory/981374.mspx
http://www.rec-sec.com/2010/03/10/internet-explorer-iepeers-use-after-free-exploit/
Vendor Specific Advisory URL: http://www.microsoft.com/technet/security/advisory/981374.mspx
Microsoft Security Bulletin: MS10-018

Tools & Filters

Snort	16482
	45378
	ie_peers_setattribute

Credit

ADLab - VenusTech

CVSSv2 Score

CVSSv2 Base Score = 9.3
Source: nvd.nist.gov | Generated: 2010-03-11 | Disagree? | There are 1 more: View All

Comments

Add Comment Hide Add Comment

No Comments.

The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.