Alerts
Alerts
Zero-Day Tracker
Common Name:
Microsoft Internet Explorer XML Processing
Date Disclosed:
11/15/2008
Date Patched:
12/17/2008
Vendor:
Microsoft
Application:
Internet Explorer 5
Internet Explorer 6
Internet Explorer 7
Internet Explorer 8 (BETA)
Description:
A vulnerability exists within Internet Explorer that allows an attacker to execute arbitrary code on a victims machine if they visit a malicious website.
Exploit code for this has been publicly released in a public forum and exploitation has been seen in-the-wild.
Severity:
High
Code Execution:
Yes
Impact:
Arbitrary code execution under the context of the logged in user
Internet Explorer remote code execution vulnerabilities have very high impacts since the source of the malicious payload can be any site on the Internet. An even more critical problem is generated when clients are administrators on their local hosts, which would run the malicious payload with Administrator credentials.
Mitigation:
No mitigation strategies exist for Internet Explorer.
Protection:
Patch:
MS08-078: Security Update for Internet Explorer (960714)
Links:
Press Attention
Microsoft Advisory (961051)
Status:
11/15/2008 In-The-Wild Exploitation Witnessed By 3rd Party
12/9/2008 Reliable Exploit Code Identified by eEye Research
12/11/2008 Internet Explorer 6 Added To Vulnerable Applications
12/17/2008 MS08-078 Out-of-Band Patch Released
Common Name:
Microsoft Internet Explorer XML Processing
Date Disclosed:
11/15/2008
Date Patched:
12/17/2008
Vendor:
Microsoft
Application:
Internet Explorer 5
Internet Explorer 6
Internet Explorer 7
Internet Explorer 8 (BETA)
Description:
A vulnerability exists within Internet Explorer that allows an attacker to execute arbitrary code on a victims machine if they visit a malicious website.
Exploit code for this has been publicly released in a public forum and exploitation has been seen in-the-wild.
Severity:
High
Code Execution:
Yes
Impact:
Arbitrary code execution under the context of the logged in user
Internet Explorer remote code execution vulnerabilities have very high impacts since the source of the malicious payload can be any site on the Internet. An even more critical problem is generated when clients are administrators on their local hosts, which would run the malicious payload with Administrator credentials.
Mitigation:
No mitigation strategies exist for Internet Explorer.
Protection:
- eEye's Blink® Personal Edition protects from this vulnerability.
- eEye's Blink® Professional Edition protects from this vulnerability.
- eEye's Retina® Network Security Scanner scans devices to detect for this vulnerability.
Patch:
MS08-078: Security Update for Internet Explorer (960714)
Links:
Press Attention
Microsoft Advisory (961051)
Status:
11/15/2008 In-The-Wild Exploitation Witnessed By 3rd Party
12/9/2008 Reliable Exploit Code Identified by eEye Research
12/11/2008 Internet Explorer 6 Added To Vulnerable Applications
12/17/2008 MS08-078 Out-of-Band Patch Released
