Forum Thread: Internet Explorer CSS Tag Parsing Code Execution Vulnerability

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Vulnerabilities

See the original Secunia advisory:
Internet Explorer CSS Tag Parsing Code Execution Vulnerability

Secunia Internet Explorer CSS Tag Parsing Code Execution Vulnerability
Secunia Official 10th Dec, 2010 11:49
Ranking: 0
Posts: 0
User Since: -
System Score: -
Location: Copenhagen, DK
A vulnerability has been reported in Internet Explorer, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to insufficient memory being allocated to store a certain combination of CSS (Cascading Style Sheets) tags. This can be exploited to overwrite a byte in a virtual table pointer and call into user-controlled data in memory via a specially crafted web page.

Successful exploitation allows execution of arbitrary code.

NOTE: The vulnerability is currently being actively exploited.

Woulouf RE: Internet Explorer CSS Tag Parsing Code Execution Vulnerability
Member 10th Dec, 2010 11:49
Score: 10
Posts: 13
User Since: 4th Nov 2009
System Score: N/A
Location: FR
Last edited on 10th Dec, 2010 11:49
Hi.

This vulnerability will be fixed with the next Microsoft "Patch Tuesday"

http://www.microsoft.com/technet/security/bulletin...

--
PSI 2.0 (attentive) user
----------------------------------
Well, it's just a damn hole-fixing-story ..... isn't it ?
Was this reply relevant?
+3
-0

panderson

RE: Internet Explorer CSS Tag Parsing Code Execution Vulnerability
[+]
This reply has been minimised due to a negative Relevancy Score.

htmtrade

RE: Internet Explorer Multiple Vulnerabilities
[+]
This reply has been minimised due to a negative Relevancy Score.