(MS10-035) Microsoft HTML Element Memory Corruption Vulnerability (982381)

Threat Detail

Vulnerability Type: Logic error

Impact of Exploitation: Website with malicious content

CVE Reference: N/A

Next Steps:

Overview
Timeline
Recommendations
McAfee Product Mitigation
Additional Resources

Overview

A vulnerability exists in Microsoft Internet Explorer that could result in remote code execution.

A vulnerability exists in Microsoft Internet Explorer that could result in remote code execution. The vulnerability is in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted in the IE8 Developer Toolbar. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When the page is viewed, the vulnerability could allow remote code execution.

Attack Vector

Website with malicious content

User Interaction

no user interaction is needed

Vendor Status

Responded and patched

Vulnerable Systems

Internet Explorer 8,

Timeline

2010-06-08

Vendor has provided a patch.

Recommendations

The vendor has released an update to address this issue
http://www.microsoft.com/technet/security/bulletin/ms10-035.mspx

Recommendations McAfee Product Mitigation

AID

HTTP: Microsoft Internet Explorer IEDTViewSource ActiveX Component Found

Release Date
2010-06-08

HIP

Generic Buffer Overflow Protection

Release Date
2007-06-28

HIP

Vulnerability in Microsoft Internet Explorer 8 Developer Tools Could Allow Remote Code Execution

Release Date
2010-06-08

VSE

Generic Buffer Overflow Protection

Release Date

VSE 8.5

Generic Buffer Overflow Protection

Release Date

VSE 8.7

Generic Buffer Overflow Protection

Release Date

VIL

DATs

Release Date

Additional Resources

(MS10-035) Microsoft HTML Element Memory Corruption Vulnerability (982381)
http://www.microsoft.com/technet/security/bulletin/ms10-035.mspx