Vulnerability in Internet Explorer Could Allow Remote Code Execution (CVE-2010-3962)
Microsoft has announced a vulnerability in all currently-supported versions of Internet Explorer (6 through 8) that could allow the execution of arbitrary code (advisory 2458511- http://blogs.technet.com/b/msrc/archive/2010/11/02/microsoft-releases-security-advisory-2458511.aspx.) This would likely be leveraged in a drive-by-exploit scenario. They state that DEP (Data Execution Prevention) and Protected Mode are mitigating factors.
UPDATE: Symantec has details on the targeted attack here: http://www.symantec.com/connect/blogs/new-ie-0-day-used-targeted-attacks
UPDATE2: Added MSRC Blog link.
UPDATE3: Added CVSS Base.
UPDATE4: Noting that exploit code is in the wild.
UPDATE5: IDS signatures are available
CVSS Base: 9.3
Exploit code: publicly-available
Workarounds: available, DEP, EMET, and CSS-override.
Patches: unavailable
IDS signatures: available
Comments
Kevin
Nov 4th 2010
1 decade ago
Sadly and odd enough, Fix it 50556 (the "CSS-Fix it", MicrosoftFixit50556.msi) has an error in the LaunchCondition of the MSI file, which leeds to an "This Microsoft Fix it does not apply to your operating system or application version" error message executing the MSI file on every Windows version you're trying to install it, abording the installation of the contained user-defined CSS file for Internet Explorer. The culprit is the second LaunchCondition FIXIT_RUN <> "" to be found in the MSI file. By removing this condition, the installation will continue and work as intended (IE will launch once after the installation finished).
I've informed MS about the error yesterday. So far, no reaction. Just in case you don't feel to be able or willing to fix the issue yourself, I'm offering a fixed version of the MSI file via http://patch-info.de/IE/Downloads/MicrosoftFixit50556.msi
Bye,
Freudi
Ottmar Freudenberger
Nov 8th 2010
1 decade ago
- http://thompson.blog.avg.com/2010/11/heads-up-0-day-in-an-exploit-kit.html
November 07, 2010 - "... CVE-2010-3962* is in the Wild, but over the last couple of days, we've begun detecting it in the Eleonore Exploit Kit. This raises the stakes considerably..."
* http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3962
.
PC.Tech
Nov 8th 2010
1 decade ago
Bye,
Freudi
Ottmar Freudenberger
Nov 11th 2010
1 decade ago
Ottmar Freudenberger
Nov 12th 2010
1 decade ago