Monday, January 3, 2011

Internet Explorer 0-Day: CVE-2010-3971

On December 22, 2010 Microsoft released an advisory stating that they are “...investigating new, public reports of targeted attacks attempting to exploit a vulnerability in all supported versions of Internet Explorer.” The vulnerability in question, CVE-2010-3971, allows attackers to execute arbitrary code in the context of the Internet Explorer application. Failed exploit attempts will result in denial-of-service conditions.

Microsoft states that the vulnerability exists due to “the creation of uninitialized memory during a CSS function within Internet Explorer.” The exploit takes advantage of the Internet Explorer DLL mscorie.dll having not been opted in to support address space layout randomization (ASLR). More details on the exact cause of this vulnerability can be found here.

This vulnerability is currently being exploited in the wild. Metasploit module ms11_xxx_ie_css_import has recently been uploaded to exploit this vulnerability. Offensive Security can be seen demonstrating the exploit here.

Microsoft is currently recommending users download the Enhanced Mitigation Experience Toolkit (MET) and opt-in Internet Explorer to mitigate this vulnerability.

For more details on DEP/ASLR please see the following links: