Published: 2008-12-14T18:15+00:00    Last Updated: 2008-12-28T10:01+00:00

JVNTR-2008-08
Microsoft Internet Explorer Data Binding Vulnerability (TA08-352A)

Overview

Microsoft Internet Explorer contains an invalid pointer vulnerability in its data binding code, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Exploit code for this vulnerability is publicly available, and the vulnerability is being actively exploited.

Event Information


Date (UTC)    Description
2008-12-23 22:50 Symantec
ThreatCON (2) => (1)
2008-12-19 17:16 SANS Internet Storm Center
IE bug being exploited by Word Documents
2008-12-18 01:11 JPCERT/CC
JPCERT-AT-2008-0023: Vulnerability in Internet Explorer Data Binding
2008-12-17 22:14 Microsoft
MS08-DEC: Out-of-Band Microsoft Security Bulletin Summary for December 2008
Included in this advisory are updates for newly discovered vulnerabilities.
2008-12-17 22:14 Microsoft
Microsoft Security Advisory (961051): Vulnerability in Internet Explorer Could Allow Remote Code Execution
Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS08-078 to address this issue.
2008-12-17 21:03 US-CERT
TA08-316A: Microsoft Internet Explorer Data Binding Vulnerability
Via US-CERT Mailing List
2008-12-17 20:22 Symantec
ThreatCON (2) => (2)
Microsoft has released an out-of-band security bulletin that addresses the recent unpatched IE 7 vulnerability that is being exploited in the wild. Customers are urged to apply the patch.
2008-12-17 19:57 SANS Internet Storm Center
Internet Explorer 960714 is released
The Microsoft Security Bulletin MS08-078 - Critical Security Update for Internet Explorer (960714) is available now. We covered this issue in several recent diaries.
2008-12-17 17:39 US-CERT
Microsoft Releases Security Bulletin MS08-078
US-CERT Current Activity
Microsoft has released Security Bulletin MS08-078 to address a vulnerability in Internet Explorer. This vulnerability is due to an invalid pointer reference in the data binding function. By convincing a user to view a specially crafted document that performs data binding (e.g., a web page, email message, or attachment), a remote, unauthenticated attacker may be able to execute arbitrary code.
2008-12-16 21:12 Microsoft
MS08-DEC: Out-of-Band Microsoft Security Bulletin Advance Notification for December 2008
Included in this advisory are updates for newly discovered vulnerabilities.
2008-12-16 20:23 SANS Internet Storm Center
Microsoft announces an out of band patch for IE zero day
Microsoft has announced that they will be releasing an out of cycle security bulletin tomorrow for the IE zero day.
2008-12-15 08:17 US-CERT
Microsoft Releases Security Advisory (961051)
US-CERT Current Activity
Microsoft has released Security Advisory 961051 to address reports of attacks against a new vulnerability in Internet Explorer 7. By convincing a user to view a specially crafted XML document, an attacker may be able to execute arbitrary code with the privileges of the user. Additionally, Microsoft indicates that it is aware of limited and targeted attacks using this vulnerability.
2008-12-15 Bugtraq
MS Internet Explorer XML Parsing Buffer Overflow Exploit (allinone)
Pointer Reference Memory Corruption Vulnerability (CVE-2008-4844, MS08-078)
#Cid: 32721-krafty.html
#Tested: Windows XP SP2 + IE 7
#Tested: Windows XP SP3 + IE 7
#Tested: Windows Vista + IE 7
#Tested: cpe:/o:microsoft:windows_xp::sp2 + cpe:/a:microsoft:ie:7
#Tested: cpe:/o:microsoft:windows_xp::sp3 + cpe:/a:microsoft:ie:7
#Tested: cpe:/o:microsoft:windows_vista + cpe:/a:microsoft:ie:7
2008-12-13 20:36 SANS Internet Storm Center
The continuing IE saga - workarounds
For those who have been following the recent exploitation of the unpatched Internet Explorer vulnerability, Microsoft updated their security advisory 961051 yet again yesterday.
2008-12-13 00:19 Trend Micro
IE Zero-Day Follow-Up: Now Featuring Mass SQL Injections
TrendLabs | Malware Blog - by Trend Micro
2008-12-12 19:23 Microsoft
Microsoft Security Advisory (961051): Vulnerability in Internet Explorer Could Allow Remote Code Execution
Revised to include Microsoft Internet Explorer 5.01 Service Pack 4, Internet Explorer 6 Service Pack 1, Internet Explorer 6, and Windows Internet Explorer 8 Beta 2 as potentially vulnerable software.
2008-12-12 12:37 SANS Internet Storm Center
IE7 0day expanded to include IE6 and IE8(beta) (Version: 2)
Microsoft has updated Security Advisory (961051) to include Microsoft Internet Explorer 6 and Windows Internet Explorer 8(beta).
2008-12-12 11:16 Microsoft
Microsoft Security Advisory (961051): Vulnerability in Internet Explorer Could Allow Remote Code Execution
Advisory published.
Microsoft is continuing its investigation of public reports of attacks against a new vulnerability in Internet Explorer.
2008-12-12 01:00 SANS Internet Storm Center
MSIE 0-day Spreading Via SQL Injection
One of our readers submitted this log entry, which shows a typical SQL injection exploit. The "new" part is that the javascript injected in this case is trying to exploit the MSIE 0-day:
2008-12-11 20:00 IBM Internet Security Systems
AlertCon (1) => (2)
The threat level has been raised to AlertCon 2 due to active exploitation of an unpatched vulnerability in Microsoft Internet Explorer.
2008-12-11 09:50 SANS Internet Storm Center
0-day exploit for Internet Explorer in the wild (Version: 3)
As reported by some other researchers, there is a 0-day exploit for Internet Explorer circulating in the wild. At this point in time it does not appear to be wildly used, but as the code is publicly available we can expect that this will happen very soon.
2008-12-11 09:48 Shadowserver
IE7 0-Day Exploit Gets Worse
It should be no surprise that it's getting a little worse. ISC is now reporting that at least one website that exploits the IE7 vulnerability (among others) is now being SQL injected into websites across the Internet.
2008-12-11 IBM Internet Security Systems
Microsoft Internet Explorer Data Binding Code Execution
Microsoft Internet Explorer could allow a remote attacker to execute arbitrary code on the system, caused by an error in data binding while parsing a Web page. Active exploitation is expanding.
2008-12-10 23:55 Symantec
ThreatCON (1) => (2)
The ThreatCon is at level 2. Two previously unknown, unpatched vulnerabilities affecting Microsoft Internet Explorer and Microsoft WordPad are being exploited in the wild.
2008-12-10 14:20 Trend Micro
Zero-Day IE Flaw Being Actively Exploited
TrendLabs | Malware Blog - by Trend Micro
2008-12-10 12:22 Shadowserver
IE7 0-Day Exploit Sites
As many of you have seen, there is a new 0-day exploit in the wild affecting Internet Explorer 7 users. This is a new exploit that is being actively exploited and it was not patched yesterday (meaning there is no patch available, yet). Visiting a website with this exploit can result in a full compromise of an affected system. Currently most of the exploits out there will attempt to download a trojan onto the system.
2008-12-10 Trend Micro
JS_DLOAD.MD
Exploiting Pointer Reference Memory Corruption Vulnerability (CVE-2008-4844, MS08-078)
2008-12-10 Bugtraq
MS Internet Explorer XML Parsing Buffer Overflow Exploit (vista) 0day
Pointer Reference Memory Corruption Vulnerability (CVE-2008-4844, MS08-078)
#Cid: 32721-vista.html
#Tested: Windows Vista SP1 + IE 7.0.6001.18000
#Tested: Windows Vista SP0 + IE 7.0.6000.16386
#Tested: cpe:/o:microsoft:windows_vista::sp1 + cpe:/a:microsoft:ie:7.0.6001.18000
#Tested: cpe:/o:microsoft:windows_vista::sp0 + cpe:/a:microsoft:ie:7.0.6000.16386
2008-12-10 Bugtraq
MS Internet Explorer XML Parsing Remote Buffer Overflow Exploit 0day
Pointer Reference Memory Corruption Vulnerability (CVE-2008-4844, MS08-078)
#Cid: 2008-iesploit.tar.gz
#Tested: Windows XP SP3 + IE 7.0.5730.13
#Tested: cpe:/o:microsoft:windows_xp::sp3 + cpe:/a:microsoft:ie:7.0.5730.13


Other Information