(MS10-035) Microsoft Internet Explorer Uninitialized Memory Corruption Vulnerability (982381)

Overview

A vulnerability exists in Microsoft Internet Explorer that could result in remote code execution.

A vulnerability exists in Microsoft Internet Explorer that could result in remote code execution. The vulnerability is in the way that Internet Explorer accesses an object that hasn't been correctly initialized or has been deleted. The vulnerability could be exploited by constructing a specially crafted Web page. When the web page is viewed, the vulnerability could allow remote code execution.

Attack Vector

Website with malicious content

User Interaction

no user interaction is needed

Vendor Status

Responded and patched

Vulnerable Systems

Internet Explorer   8,

Timeline

2010-06-08

Vendor has provided a patch.

Recommendations

The vendor has released an update to address this issue
http://www.microsoft.com/technet/security/bulletin/ms10-035.mspx

Recommendations McAfee Product Mitigation

AID

HTTP: Microsoft Internet Explorer SSA Uninitialized Memory Corruption Vulnerability

  • Release Date
    2010-06-08

HIP

Generic Buffer Overflow Protection

  • Release Date
    2007-06-28

Additional Resources

(MS10-035) Microsoft Internet Explorer toStaticHTML Information Disclosure Vulnerability (982381)
http://www.microsoft.com/technet/security/bulletin/ms10-035.mspx