Internet Security Systems - AlertCon(TM)

2007 X-Force Report Preview - Browser Exploitation Trends

Posted by Kris Lamb on February 05, 2008 at 12:08 PM EST.

As promised in the previous blog posting, we are publishing two preview postings from the X-Force 2007 Trend Statistics Report today to make up for the fact that we didn't start posting on Monday. We follow up the excerpt from the vulnerability analysis section with an excerpt from the web browser exploitation section of the report:

 

Windows-based Web Browser Vulnerabilities

Microsoft released Internet Explorer (IE) patches for 28 critical vulnerabilities in 2007. Compared with the X-Force assessment for 2006, the overall number and type of vulnerabilities are very similar—even down to their respective category allocations.

Memory corruption vulnerabilities have overwhelmingly plagued IE throughout 2007, and X-Force expects this to continue during 2008. While there have not been any security zone bypass issues of a critical nature, the number of critical miscellaneous issues has increased by four since the first half of 2007. These issues include logic bugs that may result in remote code execution or a serious URL spoofing scenario.
