InfoSec Handlers Diary Blog - Vulnerability in Internet Explorer Could Allow Remote Code Execution (CVE-2010-3962)

SANS ISC: InfoSec Handlers Diary Blog - Vulnerability in Internet Explorer Could Allow Remote Code Execution (CVE-2010-3962)

SANS Site Network
- Current Site
- Internet Storm Center
- Other SANS Sites Help
- Graduate Degree Programs
- Security Training
- Security Certification
- Security Awareness Training
- Penetration Testing
- Industrial Control Systems
- Cyber Defense Foundations
- DFIR
- Software Security
- Government OnSite Training

InfoSec Handlers Diary Blog

Vulnerability in Internet Explorer Could Allow Remote Code Execution (CVE-2010-3962)

Published: 2010-11-03
Last Updated: 2010-11-07 14:30:10 UTC
by Kevin Liston (Version: 6)

5 comment(s)

Microsoft has announced a vulnerability in all currently-supported versions of Internet Explorer (6 through 8) that could allow the execution of arbitrary code (advisory 2458511- http://blogs.technet.com/b/msrc/archive/2010/11/02/microsoft-releases-security-advisory-2458511.aspx.) This would likely be leveraged in a drive-by-exploit scenario. They state that DEP (Data Execution Prevention) and Protected Mode are mitigating factors.

UPDATE: Symantec has details on the targeted attack here: http://www.symantec.com/connect/blogs/new-ie-0-day-used-targeted-attacks

UPDATE2: Added MSRC Blog link.

UPDATE3: Added CVSS Base.

UPDATE4: Noting that exploit code is in the wild.

UPDATE5: IDS signatures are available

CVSS Base: 9.3
Exploit code: publicly-available
Workarounds: available, DEP, EMET, and CSS-override.
Patches: unavailable
IDS signatures: available

Keywords:

5 comment(s)

Top of page

Diary Archives