Internet Explorer COL SPAN Heap Overflow

2012-08-0600:00:00

SAINT Corporation

my.saintcorporation.com

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.97 High

EPSS

Percentile

99.8%

JSON

Added: 08/06/2012
CVE: CVE-2012-1876
BID: 53848
OSVDB: 82866

Background

Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems.

Problem

Internet Explorer allows websites to utilize Javascript to create dynamic web content. As such, websites can include scripts that modify the website at run-time. The browser needs to manage the modifications of objects that are altered at run-time. Internet Explorer does not properly handle memory allocations when a modification to the SPAN attribute of table COL field is made, where the table table-layout style is set to ‘fixed’. This can result in an exploitable heap overflow condition.

Resolution

Apply the patch referenced in Microsoft Security Bulletin 12-037.

References

<http://www.zerodayinitiative.com/advisories/ZDI-12-093/>
<http://www.microsoft.com/technet/security/bulletin/MS12-037.mspx>
<http://support.microsoft.com/default.aspx?scid=kb;EN-US;2699988>

Limitations

This exploit has been tested against Microsoft Internet Explorer 8 with KB2675157 on Windows XP SP3 English (DEP OptIn) and Windows 7 SP1 (DEP OptIn).