Published: 2008-12-14T18:15+00:00
Last Updated: 2008-12-28T10:01+00:00
JVNTR-2008-08
Microsoft Internet Explorer Data Binding Vulnerability (TA08-352A)
Overview
Microsoft Internet Explorer contains an invalid pointer vulnerability in its data binding code, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Exploit code for this vulnerability is publicly available and is being actively exploited.
Event Information
| Date (UTC) | Description |
| 2008-12-23 22:50 |
Symantec ThreatCON (2) => (1) |
| 2008-12-19 17:16 |
SANS Internet Storm Center IE bug being exploited by Word Documents |
| 2008-12-18 01:11 |
JPCERT/CC JPCERT-AT-2008-0023: Vulnerability in Internet Explorer Data Binding |
| 2008-12-17 22:14 |
Microsoft MS08-DEC: Out-of-Band Microsoft Security Bulletin Summary for December 2008 Included in this advisory are updates for newly discovered vulnerabilities. |
| 2008-12-17 22:14 |
Microsoft Microsoft Security Advisory (961051): Vulnerability in Internet Explorer Could Allow Remote Code Execution Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS08-078 to address this issue. |
| 2008-12-17 21:03 |
US-CERT TA08-316A: Microsoft Internet Explorer Data Binding Vulnerability Via US-CERT Mailing List |
| 2008-12-17 20:22 |
Symantec ThreatCON (2) => (2) Microsoft has released an out-of-band security bulletin that addresses the recent unpatched IE 7 vulnerability that is being exploited in the wild. Customers are urged to apply the patch. |
| 2008-12-17 19:57 |
SANS Internet Storm Center Internet Explorer 960714 is released The Microsoft Security Bulletin MS08-078 - Critical Security Update for Internet Explorer (960714) is available now. We covered this issue in several recent diaries. |
| 2008-12-17 17:39 |
US-CERT Microsoft Releases Security Bulletin MS08-078 US-CERT Current Activity Microsoft has released Security Bulletin MS08-078 to address a vulnerability in Internet Explorer. This vulnerability is due to an invalid pointer reference in the data binding function. By convincing a user to view a specially crafted document that performs data binding (e.g., a web page, email message, or attachment), a remote, unauthenticated attacker may be able to execute arbitrary code. |
| 2008-12-16 21:12 |
Microsoft MS08-DEC: Out-of Band Microsoft Security Bulletin Advance Notification for December 2008 Included in this advisory are updates for newly discovered vulnerabilities. |
| 2008-12-16 20:23 |
SANS Internet Storm Center Microsoft announces an out of band patch for IE zero day Microsoft has announced that they will be releasing an out of cycle security bulletin tomorrow for the IE zero day. |
| 2008-12-15 08:17 |
US-CERT Microsoft Releases Security Advisory (961051) US-CERT Current Activity Microsoft has released Security Advisory 961051 to address reports of attacks against a new vulnerability in Internet Explorer 7. By convincing a user to view a specially crafted XML document, an attacker may be able to execute arbitrary code with the privileges of the user. Additionally, Microsoft indicates that it is aware of limited and targeted attacks using this vulnerability. |
| 2008-12-15 |
Bugtraq MS Internet Explorer XML Parsing Buffer Overflow Exploit (allinone) Pointer Reference Memory Corruption Vulnerability (CVE-2008-4844, MS08-078) #Cid: 32721-krafty.html #Tested: Windows XP SP2 + IE 7 #Tested: Windows XP SP3 + IE 7 #Tested: Windows Vista + IE 7 #Tested: cpe:/o:microsoft:windows_xp::sp2 + cpe:/a:microsoft:ie:7 #Tested: cpe:/o:microsoft:windows_xp::sp3 + cpe:/a:microsoft:ie:7 #Tested: cpe:/o:microsoft:windows_vista + cpe:/a:microsoft:ie:7 |
| 2008-12-13 20:36 |
SANS Internet Storm Center The continuing IE saga - workarounds For those who have been following the recent exploitation of the unpatched Internet Explorer vulnerability, Microsoft updated their security advisory 961051, yet again yesterday. |
| 2008-12-13 00:19 |
Trend Micro IE Zero-Day Follow-Up: Now Featuring Mass SQL Injections TrendLabs | Malware Blog - by Trend Micro |
| 2008-12-12 19:23 |
Microsoft Microsoft Security Advisory (961051): Vulnerability in Internet Explorer Could Allow Remote Code Execution Revised to include Microsoft Internet Explorer 5.01 Service Pack 4, Internet Explorer 6 Service Pack 1, Internet Explorer 6, and Windows Internet Explorer 8 Beta 2 as potentially vulnerable software. |
| 2008-12-12 12:37 |
SANS Internet Storm Center IE7 0day expanded to include IE6 and IE8(beta) (Version: 2) Microsoft has updated Security Advisory (961051) to include Microsoft Internet Explorer 6 and Windows Internet Explorer 8(beta). |
| 2008-12-12 11:16 |
Microsoft Microsoft Security Advisory (961051): Vulnerability in Internet Explorer Could Allow Remote Code Execution Advisory published. Microsoft is continuing its investigation of public reports of attacks against a new vulnerability in Internet Explorer. |
| 2008-12-12 01:00 |
SANS Internet Storm Center MSIE 0-day Spreading Via SQL Injection One of our readers submitted this log entry, which shows a typical SQL injection exploit. The "new" part is that the javascript injected in this case is trying to exploit the MSIE 0-day: |
| 2008-12-11 20:00 |
IBM Internet Security Systems AlertCon (1) => (2) The threat level has been raised to AlertCon 2 due to active exploitation of an unpatched vulnerability in Microsoft Internet Explorer. |
| 2008-12-11 09:50 |
SANS Internet Storm Center 0-day exploit for Internet Explorer in the wild (Version: 3) As reported by some other researchers, there is a 0-day exploit for Internet Explorer circulating in the wild. At this point in time it does not appear to be wildly used, but as the code is publicly available we can expect that this will happen very soon. |
| 2008-12-11 09:48 |
Shadowserver IE7 0-Day Exploit Gets Worse It should be no surprise that it's getting a little worse. ISC is now reporting that at least one website that exploits the IE7 vulnerability (among others) is now being SQL injected into websites across the Internet. |
| 2008-12-11 |
IBM Internet Security Systems Microsoft Internet Explorer Data Binding Code Execution Microsoft Internet Explorer could allow a remote attacker to execute arbitrary code on the system, caused by an error in data binding while parsing a Web page. Active exploitation is expanding. |
| 2008-12-10 23:55 |
Symantec ThreatCON (1) => (2) The ThreatCon is at level 2. Two previously unknown, unpatched vulnerabilities affecting Microsoft Internet Explorer and Microsoft WordPad are being exploited in the wild. |
| 2008-12-10 14:20 |
Trend Micro Zero-Day IE Flaw Being Actively Exploited TrendLabs | Malware Blog - by Trend Micro |
| 2008-12-10 12:22 |
Shadowserver IE7 0-Day Exploit Sites As many of you have seen, there is a new 0-day exploit in the wild affecting Internet Explorer 7 users. This is a new exploit that is being actively exploited and it was not patched yesterday (meaning there is no patch available, yet). Visiting a website with this exploit can result in a full compromise of an affected system. Currently most of the exploits out there will attempt to download a trojan onto the system. |
| 2008-12-10 |
Trend Micro JS_DLOAD.MD Exploiting Pointer Reference Memory Corruption Vulnerability (CVE-2008-4844, MS08-078) |
| 2008-12-10 |
Bugtraq MS Internet Explorer XML Parsing Buffer Overflow Exploit (vista) 0day Pointer Reference Memory Corruption Vulnerability (CVE-2008-4844, MS08-078) #Cid: 32721-vista.html #Tested: Windows Vista SP1 + IE 7.0.6001.18000 #Tested: Windows Vista SP0 + IE 7.0.6000.16386 #Tested: cpe:/o:microsoft:windows_vista::sp1 + cpe:/a:microsoft:ie:7.0.6001.18000 #Tested: cpe:/o:microsoft:windows_vista::sp0 + cpe:/a:microsoft:ie:7.0.6000.16386 |
| 2008-12-10 |
Bugtraq MS Internet Explorer XML Parsing Remote Buffer Overflow Exploit 0day Pointer Reference Memory Corruption Vulnerability (CVE-2008-4844, MS08-078) #Cid: 2008-iesploit.tar.gz #Tested: Windows XP SP3 + IE 7.0.5730.13 #Tested: cpe:/o:microsoft:windows_xp::sp3 + cpe:/a:microsoft:ie:7.0.5730.13 |
Other Information
| CVE |
CVE-2008-4844 |