{"vuid":"VU#492515","idnumber":"492515","name":"Microsoft Internet Explorer HTML object memory corruption vulnerability","keywords":["Microsoft Security Advisory (979352)","remote code execution","microsoft","internet explorer","use-after-free"],"overview":"An invalid pointer reference within Microsoft Internet Explorer may lead to execution of arbitrary code.","clean_desc":"Microsoft Internet Explorer contains a memory corruption vulnerability, which can result in an invalid pointer being accessed after an object is incorrectly initialized or has been deleted. In certain circumstances, the invalid pointer access can be leveraged by an attacker to execute arbitrary code. This vulnerability is being actively exploited, and exploit code is publically available. Please see Microsoft Security Advisory 979352 for further information.","impact":"By convincing a user to load a specially crafted HTML document or Microsoft Office document, a remote, unauthenticated attacker may be able to execute arbitrary code or cause a denial-of-service condition.","resolution":"Apply an update\nMicrosoft has released an update to address the issue. See Microsoft Security Bulletin MS10-002 for more information. Users are encouraged to consider additional mitigations listed in Microsoft Security Advisory 979352:","workarounds":"Enable Data Execution Prevention (DEP) on Internet Explorer 6 or Internet Explorer 7 Microsoft has published more information on DEP as a mitigation for this vulnerability. DEP should not be treated as a complete workaround, but DEP can mitigate the execution of attacker-supplied code in some cases. Microsoft has published detailed technical information about DEP in Security Research & Defense blog posts \"Understanding DEP as a mitigation technology\" part 1 and part 2. Use of DEP should be considered in conjunction with other mitigations described in this document. Set the Internet zone security setting to \"High\" Setting the Internet zone security setting to \"High\" will result in the user being prompted before running ActiveX controls and Active Scripting, which may reduce the risk of certain attack vectors. Disable Active Scripting Disabling Active Scripting will prevent Active Scripting from running, which may reduce the risk of certain attack vectors. Disable ActiveX Controls in Microsoft Office This vulnerability can be exploited through a Microsoft Office document containing an ActiveX control. Disabling ActiveX controls in Microsoft Office blocks this attack vector. For detailed instructions on how to disable ActiveX in Microsoft Office, see the \"Workarounds\" section of Microsoft Security Advisory 979352 and the \"Enable or disable ActiveX controls in Office documents\" Microsoft Office Online article.","sysaffected":"","thanks":"This vulnerability was reported by \nMicrosoft. Microsoft credits Google Inc., MANDIANT, Adobe, and McAfee.","author":"This document was written by David Warren.","public":["http://www.microsoft.com/technet/security/advisory/979352.mspx","http://www.microsoft.com/technet/security/bulletin/ms10-002.mspx","http://support.microsoft.com/kb/979352","http://blogs.technet.com/msrc/archive/2010/01/18/advisory-979352-update-for-monday-january-18.aspx","http://blogs.technet.com/srd/archive/2010/01/18/additional-information-about-dep-and-the-internet-explorer-0day-vulnerability.aspx","http://office.microsoft.com/en-us/help/HA100310671033.aspx","http://blogs.technet.com/srd/archive/2009/06/05/understanding-dep-as-a-mitigation-technology-part-1.aspx","http://blogs.technet.com/srd/archive/2009/06/12/understanding-dep-as-a-mitigation-technology-part-2.aspx"],"cveids":["CVE-2010-0249"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2010-01-14T21:32:06Z","publicdate":"2010-01-14T00:00:00Z","datefirstpublished":"2010-01-14T22:55:07Z","dateupdated":"2010-01-21T21:14:49Z","revision":64,"vrda_d1_directreport":"1","vrda_d1_population":"4","vrda_d1_impact":"3","cam_widelyknown":"15","cam_exploitation":"13","cam_internetinfrastructure":"10","cam_population":"20","cam_impact":"16","cam_easeofexploitation":"9","cam_attackeraccessrequired":"20","cam_scorecurrent":"41.04","cam_scorecurrentwidelyknown":"46.44","cam_scorecurrentwidelyknownexploited":"54","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":41.04,"vulnote":null}