Description:
Summary: This host is missing a critical security update according to Microsoft Bulletin MS09-072.
Vulnerability Insight: Multiple flaws are due to:
- The 'tdc.ocx' ActiveX control being built with vulnerable Active Template Library (ATL) headers, which could allow the instantiation of arbitrary objects that can bypass certain security-related policies.
- A memory corruption error that occurs when the browser attempts to access an object that has not been initialized or has been deleted, which could be exploited to execute arbitrary code via a specially crafted web page.
- Memory corruption that occurs when processing 'CSS' objects.
- A race condition that occurs while repeatedly clicking between two elements at a fast rate, which could be exploited to execute arbitrary code via a specially crafted web page.
- A dangling pointer during deallocation of a circular dereference for a CAttrArray object, which could be exploited to execute arbitrary code via a specially crafted web page.
Vulnerability Impact: Successful exploitation will let an attacker execute arbitrary code in the context of the affected system via a specially crafted HTML page and cause memory corruption, resulting in compromise of the remote machine.
Affected Software/OS: Microsoft Internet Explorer version 5.x/6.x/7.x/8.x.
Solution: The vendor has released updates. Please see the references for more information.
CVSS Score: 9.3
CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C