Status Tracking Note JVNTR-2010-04

Microsoft Internet Explorer Vulnerabilities (TA10-021A)

Overview

Microsoft has released out-of-band updates to address critical vulnerabilities in Internet Explorer.
Event Information


Date (UTC)Description
2010-01-22 02:28 JPCERT/CC
JPCERT-AT-2010-0004: Zero-day Vulnerability in Microsoft Internet Explorer
2010-01-21 23:24 Microsoft
ms10-jan: Microsoft Security Bulletin Summary for January 2010
Included in this advisory are updates for newly discovered vulnerabilities.
2010-01-21 21:21 Microsoft
Microsoft Security Advisory (979352): Vulnerability in Internet Explorer Could Allow Remote Code Execution
Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS10-002 to address this issue.
2010-01-21 20:54 US-CERT
TA10-021A: Microsoft Internet Explorer Vulnerabilities
Via US-CERT Mailing List
2010-01-21 17:57 US-CERT
Microsoft Releases Cumulative Security Update for Internet Explorer
US-CERT Current Activity
Microsoft has released Security Bulletin MS10-002 as a Cumulative Security Update for Internet Explorer. This update addresses multiple vulnerabilities that when exploited, may allow an attacker to execute arbitrary code.
2010-01-20 21:14 Microsoft
ms10-jan: Microsoft Security Bulletin Advance Notification for January 2010 (out-of-band)
This is an advance notification of one out-of-band security bulletinthat Microsoft is intending to release on January 21, 2010.
2010-01-19 21:16 Symantec
ThreatCON (2) => (2)
The ThreatCon is at level 2. Microsoft has released a security advisory and mitigation for a new unpatched vulnerability affecting Internet Explorer.
2010-01-18 08:01 JPCERT/CC
JPCERT-AT-2010-0004: Zero-day Vulnerability in Microsoft Internet Explorer
2010-01-15 21:35 SANS Internet Storm Center
Exploit code available for CVE-2010-0249
The details for CVE-2010-0249 aka Microsoft Security Advisory 979352 (http://www.microsoft.com/technet/security/advisory/979352.mspx) aka the Aurora exploit has been made public. It is a vulnerability in mshtml.dll that works as advertised on IE6 but if DEP is enabled on IE7 or IE8 the exploit does not execute code.
2010-01-15 17:29 McAfee
"Aurora" Exploit In Google Attack Now Public
McAfee Security Insights Blog
Computer code that exploits a yet-to-be-patched vulnerability in Internet Explorer is now publicly available on the Internet.
2010-01-15 CERTA (Centre d'Expertise Gouvernemental de Reponse et de Traitement des Attaques informatique)
Vulnerabilite dans Microsoft Internet Explorer
2010-01-15 BSI (Bundesamt fur Sicherheit in der Informationstechnik)
Kritische Sicherheitslucke im Internet Explorer
2010-01-15 Bugtraq
Internet Explorer CVE-2010-0249 Remote Code Execution Vulnerability
Vulnerability Proof Of Concept (CVE-2010-0249)
#Cid: 37815.py
#Tested: cpe:/o:microsoft:windows_xp::sp2 + cpe:/a:microsoft:ie:6
2010-01-14 23:54 Microsoft
Microsoft Security Advisory (979352): Vulnerability in Internet Explorer Could Allow Remote Code Execution
Advisory published.
Microsoft is investigating new public reports of a vulnerability in Internet Explorer.
2010-01-14 22:49 US-CERT
Microsoft Releases Security Advisory 979352
US-CERT Current Activity
Microsoft has released Security Advisory 979352 to alert users of a vulnerability in Microsoft Internet Explorer. The advisory indicates that exploitation of this vulnerability may allow an attacker to execute arbitrary code. Microsoft also indicates that it is aware of public, active exploitation of this vulnerability.
2010-01-14 22:19 SANS Internet Storm Center
0-day vulnerability in Internet Explorer 6, 7 and 8
Microsoft just published an advisory about a critical security vulnerability in all versions of Internet Explorer.
2010-01-14 20:48 McAfee
More Details on "Operation Aurora"
Computer Security Research - McAfee Labs Blog
Earlier today, George Kurtz posted an entry, 'Operation "Aurora" Hit Google, Others', on the McAfee's Security Insight blog. The purpose of this blog is to answer questions about this particular attack; fill in some of the threat flow and McAfee coverage details.
2010-01-14 15:34 McAfee
Operation "Aurora" Hit Google, Others
McAfee Security Insights Blog
McAfee Labs has been working around the clock, diving deep into the attack we are now calling Aurora that hit multiple companies and was publicly disclosed by Google on Tuesday.
2010-01-13 McAfee
Exploit-Comele
2010-01-12 12:00 Google
A new approach to China
2009-08-14 Zero Day Initiative (ZDI)
ZDI-10-014: Microsoft Internet Explorer item Object Memory Corruption Remote Code Execution Vulnerability
HTML Object Memory Corruption Vulnerability (CVE-2010-0248) Reported
The specific flaw exists in the handling of cloned DOM objects in JavaScript. A specially crafted sequence of object cloning can result in the use of a pointer after it has been freed. Successful exploitation can lead to remote system compromise under the credentials of the currently logged in user.
2009-07-16 Zero Day Initiative (ZDI)
ZDI-10-012: Microsoft Internet Explorer Baseline Tag Rendering Remote Code Execution Vulnerability
Uninitialized Memory Corruption Vulnerability (CVE-2010-0246) Reported
The specific flaw exists due to the application rendering intertwined strike and center tags containing an element that manipulates the font baseline such as 'sub' or 'sup'. When this element pointer is removed the application will later dereference it even though it has been freed. Successful exploitation can lead to arbitrary code execution under the context of the currently logged in user.
2009-07-14 Zero Day Initiative (ZDI)
ZDI-10-013: Microsoft Internet Explorer Table Layout Reuse Remote Code Execution Vulnerability
Uninitialized Memory Corruption Vulnerability (CVE-2010-0245) Reported
The specific flaw exists when specific elements are used within a table container. If one of these elements is removed the application will unlink the element from the layout tree incorrectly. When this tree is later traversed, the application will reuse the object that has been freed which can lead to code execution under the context of the current user.
2009-07-14 Zero Day Initiative (ZDI)
ZDI-10-011: Microsoft Internet Explorer Table Layout Col Tag Cache Update Remote Code Execution Vulnerability
Uninitialized Memory Corruption Vulnerability (CVE-2010-0244) Reported
The specific flaw exists when a Col element is used within an HTML table container. If this element is removed while the table is in use a cache that exists of the table's cells will be used after one of it's elements has been invalidated. This can lead to code execution under the context of the currently logged in user.

Reference

Date first published (UTC): 2010-01-23T03:31+00:00
Date last updated (UTC): 2010-01-23T03:31+00:00
Valid HTML 4.01!