Internet Security Systems - AlertCon(TM)

X-Force vulnerabilities patched in October

Posted by Shane Garrett on October 20, 2010 at 5:35 PM EDT.

Just a heads up: this October, vendors released patches for three vulnerabilities found by our advanced research team.


CVE-2010-3552  (Reported by Shane Garrett)

Oracle Java SE and Java for Business Java Plug-in JP2IEXP.dll buffer overflow


The Java plug-in for Internet Explorer has a stack-based buffer overflow vulnerability in the handling of certain parameters passed to the ActiveX control. This vulnerability can be exploited by enticing a victim to visit a malicious web page. Exploitation results in arbitrary code execution in the context of the current user. There is currently a publicly released exploit for this vulnerability.


CVE-2010-1263  (Reported by David Dewey)

Vulnerabilities In Microsoft Active Template Library (ATL) Could Allow Remote Code Execution


Microsoft WordPad and Windows Shell will, by default, prompt the user with a warning if they attempt to open a document with a known-flawed COM object embedded in the file. By leveraging a transitive trust issue in the way these applications handle the instantiation of objects, an attacker can bypass the security settings and circumvent the normal warning. With this bypass, an attacker can embed and exploit a known-flawed control in a document, resulting in remote code execution.


CVE-2010-3326  (Reported by Takehiro Takahashi)

Microsoft Internet Explorer Deleted Object Code Execution

 

This is a use-after-free vulnerability in DOM objects. An attacker would host a malicious web page exploiting this vulnerability and execute arbitrary code on a remote user's computer. This is one of the most popular classes of browser vulnerabilities in recent years, and we expect this trend to continue, since keeping track of complex DOM objects perfectly is a very difficult task.
