Update – according to the Microsoft Security Response Center ( http://blogs.technet.com/msrc/archive/2009/11/23/microsoft-security-advisory-977981-released.aspx ), IE 7 in Vista Runs CAN run in protected mode and that reduces the risk by requiring a user to authorize a change that would otherwise be made to system files.
INFORMATION SHARING AND ANLAYSIS CENTER CYBER SECURITY
Vulnerability in Microsoft Internet
Explorer Could Allow Remote Code Execution
vulnerability has been discovered in Microsoft’s web browser, Internet Explorer,
which could allow an attacker to take complete control of an affected system.
At this point in time, no patches are
available for this vulnerability. Exploitation may occur if a user
visits a web page which is specifically crafted to take advantage of this
vulnerability. Successful exploitation could result in an attacker gaining the
same privileges as the logged on user. Depending on the privileges associated
with the user, an attacker could then install programs; view, change, or delete
data; or create new accounts with full user rights. Failed attacks may cause
Exploit code has been published and is publically
- Microsoft Internet Explorer
- Microsoft Internet Explorer
- Large and medium government
- Small government entities: High
- Large and medium business entities:
- Small business entities: High
vulnerability has been identified in Microsoft Internet Explorer that could
allow remote code execution which is caused by a buffer-overflow condition due
to a malformed record value. This vulnerability can be triggered by opening a
specially crafted web page
or by clicking on a link in an email. The vulnerability is related
to the handling of the ‘Style’ HTML tag when accessed via the
the attacker to corrupt memory and influence a dangling function pointer in the
Microsoft HTML viewer.
Successful exploitation could allow
an attacker to execute arbitrary code on the affected system. Depending on the
privileges associated with the user, the attacker could then install programs;
view, change, or delete data; or create new accounts with full privileges.
Failed exploitation could result in denial-of-service
Exploit code has been published and is publically available. We have confirmed
in our lab that the current exploit code causes a denial of service
the following actions be taken:
- Consider disabling Active Scripting
until a vendor patch is applied.
- Consider upgrading to Microsoft
Internet Explorer 8.
- If your organization has deployed
alternate browsers, recommend staff utilize an alternate browser not currently
vulnerable to this attack.
- Install the appropriate vendor patch
as soon as it becomes available after appropriate
- Run all software as a non-privileged
user (one without administrative privileges) to diminish the effects of a
- Remind users not to visit un-trusted
websites or follow links provided by unknown or un-trusted
- If you believe you have been
affected by targeted attacks exploiting this vulnerability, please follow your
organization’s policies for incident reporting.