CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
99.8%
Microsoft Internet Explorer contains an invalid pointer vulnerability in its data binding code, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
Microsoft Internet Explorer contains an invalid pointer vulnerability in its data binding code. The vulnerability can be triggered when Internet Explorer or a program that uses Internet Explorer’s components renders a document that contains more than one reference to the same data source. This flaw can cause an invalid array size and result in the accessing of memory space of a deleted object. Specially crafted content that performs data binding, such as an XML or HTML document, can cause IE to crash in a way that is exploitable. Limited testing has shown this vulnerability to affect Internet Explorer 6 and later, up to and including Internet Explorer 8 Beta 2. However, all versions of Internet Explorer from 4.0 and on may be at risk. We have confirmed that Outlook Express is also at risk. Exploit code for this vulnerability is publicly available.
By convincing a user to view a specially crafted document that performs data binding (e.g., a web page or email message or attachment), an attacker may be able to execute arbitrary code with the privileges of the user.
Apply an update
This issue is addressed in Microsoft Security Bulletin MS08-078. This update provides new versions of mshtml.dll
and wmshtml.dll
, depending on the target operating system. More details are available in Microsoft Knowledge Base Article 960714. Consider the following workarounds if you are unable to apply the update:
Disable the Microsoft OLE DB Row Position Library COM object
The most effective way of mitigating this vulnerability appears to be to disable the Microsoft OLE DB Row Position Library COM object. As outlined in the Microsoft Security Advisory, delete the following registry key:
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{2048EEE6-7FA2-11D0-9E6A-00A0C9138C29}]
Note that once this change is made, all ADO (ActiveX Data Objects) applications that use the RowPosition property and related information and all OLE DB applications that use the OLE DB Row Position Library will not function properly.
Disable Active Scripting
This vulnerability can be mitigated by disabling Active Scripting in the Internet Zone, as specified in the “Securing Your Web Browser” document. Note that this will not block the vulnerability. IE still may crash when parsing specially crafted XML content. Disabling Active Scripting will mitigate a common method used to achieve code execution with this vulnerability.
Enable DEP in Internet Explorer 7
Enabling DEP in Internet Explorer 7 on Windows Vista can help mitigate this vulnerability by making it more difficult to achieve code execution using this vulnerability.
493881
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Notified: December 09, 2008 Updated: December 17, 2008
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
This issue is addressed in Microsoft Security Bulletin MS08-078. This update provides new versions of mshtml.dll
and wmshtml.dll
, depending on the target operating system. More details are available in Microsoft Knowledge Base Article 960714.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23493881 Feedback>).
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
This document was written by Will Dormann.
CVE IDs: | CVE-2008-4844 |
---|---|
Severity Metric: | 72.14 Date Public: |
blogs.msdn.com/michael_howard/archive/2006/12/12/update-on-internet-explorer-7-dep-and-adobe-software.aspx
blogs.technet.com/msrc/archive/2008/12/12/friday-update-for-microsoft-security-advisory-961051.aspx
msdn.microsoft.com/en-us/library/ms531388(vs.85).aspx
secunia.com/advisories/33089/
support.microsoft.com/kb/960714
www.avertlabs.com/research/blog/index.php/2008/12/09/yet-another-unpatched-drive-by-exploit-found-on-the-web/
www.microsoft.com/technet/security/advisory/961051.mspx
www.microsoft.com/technet/security/bulletin/ms08-078.mspx
www.scanw.com/blog/archives/303