(MS10-035) Microsoft Internet Explorer Memory Corruption Vulnerability (982381)

Threat Detail

Vulnerability Type: Logic error

Impact of Exploitation: Website with malicious content

CVE Reference: N/A

Next Steps:

Overview
Timeline
Recommendations
Additional Resources

Overview

A vulnerability exists in Microsoft Internet Explorer that could result in remote code execution.

A vulnerability exists in Microsoft Internet Explorer that could result in remote code execution. The vulnerability is in the way that Internet Explorer accesses an object that hasn't been correctly initialized or has been deleted. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When the web page is viewed, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user.

Attack Vector

Website with malicious content

User Interaction

no user interaction is needed

Vendor Status

Responded and patched

Vulnerable Systems

Internet Explorer 7 Windows Server 2003 SP2,
Internet Explorer 7 Windows Server 2003 X64 Edition SP2,
Internet Explorer 7 Windows Server 2008 Itanium Edition,
Internet Explorer 7 Windows Vista SP1,
Internet Explorer 7 Windows Vista X64 Edition SP1,
Internet Explorer 7 Windows XP Professional X64 Edition SP2,
Internet Explorer 7 Windows XP SP2,
Internet Explorer 8,

Timeline

2010-06-08

Vendor has provided a patch.

Recommendations

The vendor has released an update to address this issue
http://www.microsoft.com/technet/security/bulletin/ms10-035.mspx

Recommendations McAfee Product Mitigation

Additional Resources

(MS10-035) Microsoft Internet Explorer Memory Corruption Vulnerability (982381)
http://www.microsoft.com/technet/security/bulletin/ms10-035.mspx