ASA-12-0512-4: Microsoft Internet Explorer Mismatched Document Object Model Remote Code Execution Vulnerability
Vulnerability summary:
| Severity rating: |
|
Critical |
| Date Published: |
|
December 13, 2005 |
| Software Vendor: |
|
Microsoft |
| Affected Software: |
|
Microsoft Internet Explorer |
| Affected OS: |
|
Windows XP (all), Windows Server 2003 (all), Microsoft Windows XP Professional x64 Edition, Windows 2000 (all), Windows 98 (incl. SE), Windows Millennium Edition (ME) |
| Unaffected with: |
|
- |
| Vulnerability class: |
|
Remote Code Execution |
| Status: |
|
Fixed |
Vulnerability details:
Tech brief:
Remote code execution vulnerability exists in how Microsoft Internet Explorer processes mismatched Document Object Model objects. According to the Microsoft's report, an attacker could construct a malicious website and persuade people to visit it. By visiting the site, malicious code can be executed on vulnerable machines with no user interaction, provided that the user accesses the site with an administrator (or root) account.
The Document Object Model (DOM) is a standard maintained by the W3C (World Wide Web Consortium), which regulates how the structure, appearance, and content of Web documents can be updated with scripts or other programs.
This vulnerability enables an attacker to execute code on the target system with elevated privileges. In order to exploit the vulnerability, an attacker would have to get people to visit the site by sending forged email or by displaying an inciting banner that lures people in. After that, no user interaction is required to trigger the remote execution of arbitrary code. Following a successful attack, an attacker would be able to install malicious code on the affected system and access confidential data, or take complete control of the system and attack other Internet hosts.
Vendor reference information:
Vendor details pertaining to the problem are available here: http://www.microsoft.com/technet/security/bulletin/MS05-054.mspx
General Mitigating Recommendations:Install latest vendor patches available at http://windowsupdate.microsoft.com.
Do not visit doubtful sites or at least limit what executable content can be run on those murky sites.
Know how to identify Internet hoaxes and do not react to them. Try reporting cases to appropriate authorities.
Try using alternate browser such as Firefox or Opera.
How Outpost Firewall PRO protects you:
Outpost controls what internal components of a program are run in memory. Illegitimate ones are automatically blocked from accessing the network. Real-time spyware protection would prevent spyware infestation.
Outpost protects the user's system from unauthorized access and intrusions, and alerts users when malicious code attempts to execute or access the network.
Disclaimer:
The information in the present advisory is believed to be accurate as to the time of publishing based on currently available information. Use of the information signifies acceptance for use in an AS IS condition. There are no warranties with regard to this information. Agnitum Ltd. doesn’t accept any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.
|
