Microsoft Internet Explorer Animation Use-after-free Vulnerability

Summary

Microsoft Internet Explorer contains a use-after-free vulnerability in its handling of certain animation behaviours.

Credit:

The information has been provided by Nicolas Joly.
The original article can be found at: http://seclists.org/bugtraq/2010/Dec/158


Details

Vulnerable Systems:
 * Internet Explorer 6 for Windows XP Service Pack 3
 * Internet Explorer 6 for Windows XP Professional x64 Edition Service Pack 2
 * Internet Explorer 6 for Windows Server 2003 Service Pack 2
 * Internet Explorer 6 for Windows Server 2003 x64 Edition Service Pack 2
 * Internet Explorer 6 for Windows Server 2003 SP2 (Itanium)

The vulnerability is caused by a use-after-free error when handling certain animation behaviours. Remote attackers could exploit it to execute arbitrary code by tricking a user into visiting a malicious web page.

Patch Availability:
Apply MS10-090 security updates:
http://www.microsoft.com/technet/security/bulletin/ms10-090.mspx

CVE Information:
CVE-2010-3343

Disclosure Timeline:
2010-04-29 – Vendor notified
2010-04-29 – Vendor response
2010-12-01 – Status update received
2010-12-14 – Coordinated disclosure
