JPCERT-AT-2010-0007: Out-of-band patch released for Internet Explorer
ms10-mar: Microsoft Security Bulletin Summary for March 2010 (MS10-018)
Included in this advisory are updates for newly discovered vulnerabilities.
TA10-089A: Microsoft Internet Explorer Vulnerabilities
Via US-CERT Mailing List
Microsoft Security Advisory (981374): Vulnerability in Internet Explorer Could Allow Remote Code Execution
Uninitialized Memory Corruption Vulnerability (CVE-2010-0806, MS10-018)
Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS10-018 to address this issue.
Microsoft Releases Out-of-Band Security Bulletin Update
US-CERT Current Activity
Microsoft has released an update to its Security Bulletin Summary for March 2010 and has included the out-of-band bulletin MS10-018.
ThreatCON (2) => (2)
Microsoft has issued an out of band Security Bulletin (MS10-018) to address an unpatched Internet Explorer issue which is being actively exploited. Additionally Microsoft is patching 9 privately reported vulnerabilities.
SANS Internet Storm Center|
OOB Update for Internet Explorer MS10-018
This update resolves 10 different vulnerabilities in Internet Explorer, of which the most severe impact can be execution of arbitrary code. All versions of IE from 5.01 to 8.0 are affected to varying degrees. Both servers and workstations should be updated. The update replaces MS10-002, and addresses the MS Advisory 981374 vulnerability.
ms10-mar: Microsoft Security Bulletin (MS10-018) Advance Notification for March 2010 (out-of-band)
This is an advance notification of one out-of-band security bulletinthat Microsoft is intending to release on March 30, 2010.
JVNTR-2010-09: Microsoft Internet Explorer iepeers.dll use-after-free vulnerability (VU#744549)
Zero Day Initiative (ZDI)|
ZDI-10-034: Microsoft Internet Explorer Tabular Data Control ActiveX Remote Code Execution Vulnerability
Memory Corruption Vulnerability (CVE-2010-0805, MS10-018) Reported
The specific flaw exists within the Tabular Data Control ActiveX module. Specifically, if provided a malicious DataURL parameter a stack corruption may occur in the function CTDCCtl::SecurityCHeckDataURL. This can be leveraged to execute arbitrary code under the context of the current user.
Zero Day Initiative (ZDI)|
ZDI-10-033: Microsoft Internet Explorer TIME2 Behavior Remote Code Execution Vulnerability
HTML Object Memory Corruption Vulnerability (CVE-2010-0492, MS10-018) Reported
The issue is located within the CTimeAction object. During handling of the TIME2 behavior, an attacker can trick the application into destroying the markup causing the application to reference memory that has previously been freed. Successful exploitation can lead to code execution under the context of the application.
Microsoft Internet Explorer 'onreadystatechange' Use After Free Vulnerability
HTML Object Memory Corruption Vulnerability (CVE-2010-0491, MS10-018)
The vulnerability occurs when an HTML object with an 'onreadystatechange' event handler is not properly freed. This event is used to perform actions when the state of some HTML object changes; for example, when a form has data input. Specifically, when certain properties of the object are changed, the event handler function object is freed, but a reference to it remains. When the object is later accessed, this invalid memory is treated as an object pointer, and one of its members is used to make an indirect function call.