Zero Day Remote Code Execution Vulnerability in Internet Explorer
( Microsoft Security Advisory 2488013, CVE-2010-3971 )
Summary
A memory corruption vulnerability has been reported in the way Microsoft Internet Explorer parses an HTML page that references a CSS file containing certain "@import" rules . A remote attacker could exploit this issue by convincing a user to either visit a specially crafted HTML document or open a malicious Web page. Successful exploitation could result in remote code execution on the target system.
Details
CSS (Cascading Style Sheets) is a formatting method for Web pages using HTML.
The vulnerability is due to a "use-after-free" uninitialized memory vulnerability in the CSS parser found in the mshtml.dll component of Internet Explorer. To trigger this issue, an attacker may create a malicious Web page that will cause Internet Explorer to exit unexpectedly. Successful exploitation of this vulnerability will crash the browser, and may allow execution of arbitrary code on the vulnerable system.
This exploit is unusual in that it circumvents the Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) features of Windows 7 by forcing the operating system to load outdated .Net dynamic link libraries (DLLs) that do not have ASLR enabled.
Affected Systems
This issue affects the following versions of Internet Explorer:
- IE6 on Windows XP and Windows Server 2003
- IE7 on Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008
- IE8 on Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2
Please consult CPAI-2010-349 for more detailed operating system version information.
Solution
Check Point IPS Software Blade, IPS-1, and NGX SmartDefense provides network protection by detecting and blocking attempts to exploit this issue. For more information, see CPAI-2010-349.
Originally Published:
Last Updated: 27-Dec-2010