OSVDB ID: 61697

Title: Microsoft IE mshtml.dll Use-After-Free Arbitrary Code Execution (Aurora)

Info

Disclosure

Jan 14, 2010

Discovery

Unknown

Dates

Exploit

Jan 14, 2010

Solution

Jan 21, 2010

Description

Internet Explorer contains a flaw that may allow a context-dependent attacker to execute arbitrary code. The issue is triggered when a specially crafted website causes mshtml.dll to access memory that has been freed, allowing code execution.

Classification

Location: Local / Remote, Context Dependent
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Patch / RCS
Exploit: Exploit Public, Exploit Commercial
Disclosure: Vendor Verified, Uncoordinated Disclosure, Discovered in the Wild
OSVDB: Web Related

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

Products

Microsoft Corporation	Internet Explorer	6 SP1
		7
		8
		6

References

Security Tracker: 1023462
Exploit Database: 11167
CVE ID: 2010-0249 (see also: NVD)
Bugtraq ID: 37815
Secunia Advisory ID: 38209
SCIP VulDB ID: 4079
CERT VU: 492515
Metasploit ID: 61697
Generic Informational URL: http://blog.metasploit.com/2010/01/reproducing-aurora-ie-exploit.html
News Article: http://blogs.pcmag.com/securitywatch/2010/01/new_ie_0-day_not_acrobat_named.php
http://news.cnet.com/8301-27080_3-10429070-245.html
http://www.darkreading.com/vulnerability_management/security/attacks/showArticle.jhtml?articleID=222301235
http://www.eweek.com/c/a/Security/France-Germany-Say-Avoid-IE-Until-Security-Vulnerability-Patched-321481/
http://www.informationweek.com/news/security/vulnerabilities/showArticle.jhtml?articleID=222400136
http://www.pcmag.com/article2/0,2817,2358210,00.asp
http://www.theregister.co.uk/2010/01/26/aurora_attack_origins/
http://www.wired.com/threatlevel/2010/01/microsoft-zero-day-flaw/
Vendor Specific News/Changelog Entry: http://blogs.technet.com/msrc/archive/2010/01/14/security-advisory-979352.aspx
http://www.microsoft.com/technet/security/advisory/979352.mspx
Other Advisory URL: http://extraexploit.blogspot.com/2010/01/cve-2010-0249-in-wild-xx2228866org-and.html
http://support.microsoft.com/kb/979352
Generic Exploit URL: http://immunitysec.com
http://www.saintcorporation.com/cgi-bin/exploit_info/ie_eventparam_useafterfree
Mail List Post: http://seclists.org/bugtraq/2010/Jan/120
Microsoft Security Bulletin: MS10-002

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/61697

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Microsoft Corporation

Internet Explorer

References

Credit