Tuesday, November 24, 2009 7:45 AM
cmosby
[SA37448] Internet Explorer Layout Handling Memory Corruption Vulnerability - Secunia
TITLE:
Internet Explorer Layout Handling Memory Corruption Vulnerability
SECUNIA ADVISORY ID:
SA37448
VERIFY ADVISORY:
http://secunia.com/advisories/37448/
DESCRIPTION:
A vulnerability has been discovered in Internet Explorer, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to an error in the layout parsing and can be exploited to corrupt memory by tricking a user into viewing a specially crafted web page.
Successful exploitation may allow execution of arbitrary code.
The vulnerability is confirmed in IE6 on Windows XP SP2 and IE7 on Windows XP SP3. Other versions may also be affected.
SOLUTION:
Disable support for active scripting for all but trusted websites.
PROVIDED AND/OR DISCOVERED BY:
securitylab.ir
Filed under: SMS, Security and Anti-Virus, Patch Management, Microsoft Windows, Internet Explorer, Configuration Management, ConfigMgr, Enterprise Applications, Software Vulnerabilites