x

Informujemy, że nasza strona wykorzystuje do poprawnego działania pliki cookie. Brak zgody na instalację plików cookie może być wyrażony poprzez ustawienia przeglądarki. Aby dowiedzieć się więcej, kliknij tutaj.

Rejestracja
haslo:

Wyszukiwarka

Zamów podpis elektroniczny

Elektroniczny Obieg Dokumentów
Baza wiedzy
Internet Explorer CSS Tag Parsing Code Execution Vulnerability
news
Description
A vulnerability has been reported in Internet Explorer, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to insufficient memory being allocated to store a certain combination of CSS (Cascading Style Sheets) tags. This can be exploited to overwrite a byte in a virtual table pointer and call into user-controlled data in memory via a specially crafted web page.

Successful exploitation allows execution of arbitrary code.

NOTE: The vulnerability is currently being actively exploited.

Solution
Apply a custom CSS to override website CSS styles (please see the Microsoft advisory for details).

Provided and/or discovered by
Reported as a 0-day.

Changelog
Further details available in Customer Area

Original Advisory
Microsoft:
http://www.microsoft.com/technet/security/advisory/2458511.mspx
http://blogs.technet.com/b/msrc/archive/2010/11/02/microsoft-releases-security-advisory-2458511.aspx
http://blogs.technet.com/b/srd/archive/2010/11/03/dep-emet-protect-against-attacks-on-the-latest-internet-explorer-vulnerability.aspx

Other references
Further details available in Customer Area

Deep Links
Links available in Customer Area

« wróć