Wednesday, November 03, 2010 10:22 AM
cmosby
Vulnerability in Internet Explorer Could Allow Remote Code Execution (CVE-2010-3962) – SANS Internet Storm Center
Vulnerability in Internet Explorer Could Allow Remote Code Execution (CVE-2010-3962)
Share |
Published: 2010-11-03,
Last Updated: 2010-11-03 15:03:19 UTC
by Kevin Liston (Version: 1)
0 comment(s)
Microsoft has announced a vulnerability in all currently-supported versions of Internet Explorer (6 through 8) that could all the execution of arbitrary code (advisory 2458511.) This would likely be leveraged in a drive-by-exploit scenario. They state that DEP (Data Execution Prevention) and Protected Mode are mitigating factors.
I'm still collecting more details so this will be updated as more details become available.
CVSS Base: pending
Exploit code: non-public, but reported to have attacks in the wild.
Workarounds: available
Patches: unavailable
IDS signatures: pending
Filed under: Security and Anti-Virus, Patch Management, Browser Wars, Internet Explorer, Internet Applications, Software Vulnerabilites