Info

Disclosure

Mar 30, 2010

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Mar 30, 2010

Description

Classification

Location: Remote / Network Access, Context Dependent
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Patch / RCS
Exploit: Exploit Private
Disclosure: Vendor Verified, Coordinated Disclosure
OSVDB: Web Related

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch (MS10-018) to address this vulnerability.

Products

Unknown or Incomplete

References

Security Tracker: 1023773
Related OSVDB ID: 1096119 63328 63329 63330 63331 63332 63333 63334 63335
CVE ID: 2010-0492 (see also: NVD)
Bugtraq ID: 39030
Microsoft Knowledge Base Article: 980182
VUPEN Advisory: ADV-2010-0744
News Article: http://blogs.technet.com/msrc/archive/2010/03/29/internet-explorer-cumulative-update-releasing-out-of-band.aspx
http://news.cnet.com/8301-27080_3-20001428-245.html
http://www.avertlabs.com/research/blog/index.php/2010/03/30/microsoft-releases-out-of-cycle-bulletin-ms10-018/
http://www.darkreading.com/securityservices/security/app-security/showArticle.jhtml?articleID=224200808
http://www.theregister.co.uk/2010/03/29/ie_emergency_fix/
Mail List Post: http://seclists.org/fulldisclosure/2010/Apr/17
Other Advisory URL: http://www.zerodayinitiative.com/advisories/ZDI-10-033
Microsoft Security Bulletin: MS10-018

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/63327