Threat Level: green Handler on Duty: Pasquale Stirparo

SANS ISC: InfoSec Handlers Diary Blog - Vulnerability in Internet Explorer Could Allow Remote Code Execution (CVE-2010-3962) InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Vulnerability in Internet Explorer Could Allow Remote Code Execution (CVE-2010-3962)

Published: 2010-11-03
Last Updated: 2010-11-07 14:30:10 UTC
by Kevin Liston (Version: 6)
5 comment(s)

Microsoft has announced a vulnerability in all currently-supported versions of Internet Explorer (6 through 8) that could allow the execution of arbitrary code (advisory 2458511- http://blogs.technet.com/b/msrc/archive/2010/11/02/microsoft-releases-security-advisory-2458511.aspx.) This would likely be leveraged in a drive-by-exploit scenario. They state that DEP (Data Execution Prevention) and Protected Mode are mitigating factors.

 

UPDATE: Symantec has details on the targeted attack here: http://www.symantec.com/connect/blogs/new-ie-0-day-used-targeted-attacks

UPDATE2: Added MSRC Blog link.

UPDATE3: Added CVSS Base.

UPDATE4: Noting that exploit code is in the wild.

UPDATE5: IDS signatures are available

CVSS Base: 9.3
Exploit code: publicly-available
Workarounds: available, DEP, EMET, and CSS-override.
Patches: unavailable
IDS signatures: available

Keywords:
5 comment(s)
Diary Archives