Security-Alerts mailing list archive (firstname.lastname@example.org)
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[security-alerts] FW: [NT] Microsoft Internet Explorer SVG animateMotion.by Code Execution Vulnerability
> -----Original Message-----
> From: SecuriTeam [mailto:support@xxxxxxxxxxxxxx]
> Sent: Wednesday, February 13, 2008 10:59 AM
> To: html-list@xxxxxxxxxxxxxx
> Subject: [NT] Microsoft Internet Explorer SVG
> animateMotion.by Code Execution Vulnerability
> - - - - - - - - -
> Microsoft Internet Explorer SVG animateMotion.by Code
> Execution Vulnerability
> A vulnerability allows remote attackers to execute arbitrary
> code on vulnerable installations of Microsoft Internet
> Explorer. User interaction is required to exploit this
> vulnerability in that the target must visit a malicious page.
> The specific flaw exists in the handling of the "by" property
> of an animateMotion SVG element. By assigning other DOM
> elements to this property, a memory corruption occurs during
> the destruction of a Variant data type. The corruption causes
> an overwrite of a virtual function address allowing for the
> execution of arbitrary code.
> Vendor Response:
> Microsoft has issued an update to correct this vulnerability.
> More details can be found at:
> Disclosure Timeline:
> 2007.09.17 - Vulnerability reported to vendor
> 2008.02.12 - Coordinated public release of advisory
> CVE Information:
> Additional Information:
> The information has been provided by The Zero Day Initiative
> (ZDI) <mailto:zdi-disclosures@xxxxxxxx> .
> The original article can be found at: