[VIM] [Full-disclosure] ZDI-11-197: Microsoft Internet Explorer vgx.dll imagedata Remote Code Execution Vulnerability
security curmudgeon
jericho at attrition.org
Wed Jun 15 04:02:34 CDT 2011
On Wed, 15 Jun 2011, OSF LISTS wrote:
: Believe this should be CVE-2011-1256. Confirm?
And on second glance..
http://www.zerodayinitiative.com/advisories/ZDI-11-197
CVE-2011-1266
http://www.zerodayinitiative.com/advisories/ZDI-11-193
CVE-2011-1256
Yet there are 2 MS IE vulns related to DOM manipulation:
2011-1256 Microsoft IE vgx.dll imagedata VML Object DOM Modification Memory Corruption
2011-1251 Microsoft IE DOM Manipulation Memory Corruption
Perhaps ZDI-11-197 is really CVE-2011-1251? Or did you issue two
advisories for 2011-1256?
: On Tue, Jun 14, 2011 at 1:25 PM, ZDI Disclosures <
: zdi-disclosures at tippingpoint.com> wrote:
:
: > ZDI-11-197: Microsoft Internet Explorer vgx.dll imagedata Remote Code
: > Execution Vulnerability
: >
: > http://www.zerodayinitiative.com/advisories/ZDI-11-197
: >
: > June 14, 2011
: >
: > -- CVE ID:
: > CVE-2011-1266
: >
: > -- CVSS:
: > 9, (AV:N/AC:L/Au:N/C:P/I:P/A:C)
: >
: > -- Affected Vendors:
: > Microsoft
: >
: > -- Affected Products:
: > Microsoft Internet Explorer 8
: >
: > -- TippingPoint(TM) IPS Customer Protection:
: > TippingPoint IPS customers have been protected against this
: > vulnerability by Digital Vaccine protection filter ID 11254.
: > For further product information on the TippingPoint IPS, visit:
: >
: > http://www.tippingpoint.com
: >
: > -- Vulnerability Details:
: > This vulnerability allows remote attackers to execute arbitrary code on
: > vulnerable installations of Internet Explorer. User interaction is
: > required to exploit this vulnerability in that the target must visit a
: > malicious page or open a malicious file.
: >
: > The specific flaw exists within vgx.dll while parsing VML objects from
: > the DOM. Specifically, the faulty code exists while handling imagedata
: > parameters during page deconstruction. By dynamically assigning an
: > attribute to an imagedata object the process can be made to access freed
: > memory. Successful exploitation can lead to code execution under the
: > context of the application.
: >
: > -- Vendor Response:
: > Microsoft has issued an update to correct this vulnerability. More
: > details can be found at:
: >
: > http://www.microsoft.com/technet/security/Bulletin/MS11-052.mspx
: >
: > -- Disclosure Timeline:
: > 2011-01-21 - Vulnerability reported to vendor
: > 2011-06-14 - Coordinated public release of advisory
: >
: > -- Credit:
: > This vulnerability was discovered by:
: > * Anonymous
: >
: > -- About the Zero Day Initiative (ZDI):
: > Established by TippingPoint, The Zero Day Initiative (ZDI) represents
: > a best-of-breed model for rewarding security researchers for responsibly
: > disclosing discovered vulnerabilities.
: >
: > Researchers interested in getting paid for their security research
: > through the ZDI can find more information and sign-up at:
: >
: > http://www.zerodayinitiative.com
: >
: > The ZDI is unique in how the acquired vulnerability information is
: > used. TippingPoint does not re-sell the vulnerability details or any
: > exploit code. Instead, upon notifying the affected product vendor,
: > TippingPoint provides its customers with zero day protection through
: > its intrusion prevention technology. Explicit details regarding the
: > specifics of the vulnerability are not exposed to any parties until
: > an official vendor patch is publicly available. Furthermore, with the
: > altruistic aim of helping to secure a broader user base, TippingPoint
: > provides this vulnerability information confidentially to security
: > vendors (including competitors) who have a vulnerability protection or
: > mitigation product.
: >
: > Our vulnerability disclosure policy is available online at:
: >
: > http://www.zerodayinitiative.com/advisories/disclosure_policy/
: >
: > Follow the ZDI on Twitter:
: >
: > http://twitter.com/thezdi
: >
: > _______________________________________________
: > Full-Disclosure - We believe in it.
: > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
: > Hosted and sponsored by Secunia - http://secunia.com/
: >
:
More information about the VIM
mailing list