full-disclosure-uk January 2010 archive

Re: [Full-disclosure] FortiGuard Advisory: Microsoft Internet Explorer Remote Memory Corruption Vulnerability

From: James Birk <jamesbirk_at_nospam>
Date: Fri Jan 22 2010 - 16:28:05 GMT
To: "noreply-secresearch@fortinet.com" <noreply-secresearch@fortinet.com>


Good to see nothing's changed with Bugtraq in fifteen years. Anyone want to point me to a security list where ads like the one below are not allowed?

2010/1/21 noreply-secresearch@fortinet.com <noreply-secresearch@fortinet.com>

> Microsoft Internet Explorer Remote Memory Corruption Vulnerability
> 2010.January.21
>
> Summary:
> ========
> Fortinet's FortiGuard Labs has discovered a memory corruption vulnerability
> in Microsoft's Internet Explorer.
>
> Impact:
> =======
> Remote Code Execution.
>
> Risk:
> =====
> Critical
>
> Affected Software:
> ==================
> For a list of Internet Explorer versions affected, please see the Microsoft
> Security Advisory reference below.
>
> Additional Information:
> =======================
> In order to compromise a system / remotely execute code, an attacker would
> lure a user to a maliciously crafted website. When a user views the Web
> page, the vulnerability could allow remote code execution. An attacker who
> successfully exploited this vulnerability could gain the same user rights as
> the logged-on user. If a user is logged on with administrative user rights,
> an attacker who successfully exploited this vulnerability could take
> complete control of an affected system.
>
> Solutions:
> ==========
> Since an attack scenario would require a user to visit a malicious website,
> it is recommended to have a layered security solution through web filtering
> and intrusion prevention for mitigation.
>
> * Use the solution provided by Microsoft (MS10-002).
> * FortiGuard Labs released the signature
>   "MS.IE.MergeAttributes.Remote.Code.Execution".
>   o Advanced zero-day protection has been available since September
>     3, 2009.
>
> FortiGuard Labs continues to monitor attacks against this vulnerability.
>
> Fortinet customers who subscribe to Fortinet's intrusion prevention (IPS)
> service should be protected against this vulnerability. Fortinet's IPS
> service is one component of FortiGuard Subscription Services, which also
> offer comprehensive solutions such as antivirus, Web content filtering and
> antispam capabilities. These services enable protection against threats on
> both application and network layers. FortiGuard Services are continuously
> updated by FortiGuard Labs, which enables Fortinet to deliver a combination
> of multi-layered security intelligence and true zero-day protection from new
> and emerging threats. These updates are delivered to all FortiGate,
> FortiMail and FortiClient products. Fortinet strictly follows responsible
> disclosure guidelines to ensure optimum protection during a threat's
> lifecycle.
>
> References:
> ===========
> FortiGuard Advisory: http://www.fortiguard.com/advisory/FGA-2010-05.html
> Microsoft Security Bulletin:
> http://www.microsoft.com/technet/security/bulletin/ms10-002.mspx
> CVE ID: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0247
>
> Acknowledgement:
> ================
> Haifei Li of Fortinet's FortiGuard Labs
>
>



Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/