Threat Level: green Handler on Duty: Rick Wanner

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Vulnerability in Internet Explorer Could Allow Remote Code Execution (CVE-2010-3962)

Published: 2010-11-03
Last Updated: 2010-11-07 14:30:10 UTC
by Kevin Liston (Version: 6)
5 comment(s)

Microsoft has announced a vulnerability in all currently-supported versions of Internet Explorer (6 through 8) that could allow the execution of arbitrary code (advisory 2458511- http://blogs.technet.com/b/msrc/archive/2010/11/02/microsoft-releases-security-advisory-2458511.aspx.) This would likely be leveraged in a drive-by-exploit scenario. They state that DEP (Data Execution Prevention) and Protected Mode are mitigating factors.

 

UPDATE: Symantec has details on the targeted attack here: http://www.symantec.com/connect/blogs/new-ie-0-day-used-targeted-attacks

UPDATE2: Added MSRC Blog link.

UPDATE3: Added CVSS Base.

UPDATE4: Noting that exploit code is in the wild.

UPDATE5: IDS signatures are available

CVSS Base: 9.3
Exploit code: publicly-available
Workarounds: available, DEP, EMET, and CSS-override.
Patches: unavailable
IDS signatures: available

Keywords:
5 comment(s)
SANS SEC503: Intrusion Detection In-Depth. Gain the technical knowledge, insight, and hands-on training you need to defend your network with confidence.
Top of page
Diary Archives