Thursday, January 06, 2011 9:28 AM cmosby

Currently Unpatched Windows / Internet Explorer Vulnerabilities – SANS Internet Storm Center

Published: 2011-01-05
Last Updated: 2011-01-05 20:49:56 UTC
by Johannes Ullrich (Version: 1)

Thanks to our reader Dan for getting this started. Here is a preliminary table on various Internet Explorer and Windows vulnerabilities that are as of yet unpatched. Let me know if I forgot one. I originally planned to include some of the older issues, but none of them appears to be as relevant/serious as the issues in this list.

| CVE | Name | Release Date | Affected | Exploit and comments | Mitigation |
|---|---|---|---|---|---|
| no CVE | Use after free error within "mshtml.dll" | Jan 5th 2011 | IE 7,8 | http://www.vupen.com/english/advisories/2011/0026 | |
| CVE-2010-3970 | Graphics Rendering Engine | Jan 4th 2011 | Windows XP/Vista (not: 7, 2008 R2) | Available | Disable shimgvw.dll; MSFT Advisory #2490606 |
| no CVE | WMI ActiveX Control | Dec 23rd 2010 | IE with WMI ActiveX Control installed | See this Websense blog for details | set killbit on affected ActiveX control |
| CVE-2010-3971 | CSS Import Rule Processing Use-After-Free Vulnerability | Dec 14th 2010 | IE 6,7,8 | PoC available. Critical | Enhanced Mitigation Experience Toolkit; MSFT Advisory #2488013 |

 

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute