Published: 2010-01-23T03:31+00:00
Last Updated: 2010-01-23T03:31+00:00
JVNTR-2010-04
Microsoft Internet Explorer Vulnerabilities (TA10-021A)
Overview
Microsoft has released out-of-band updates to address critical vulnerabilities in Internet Explorer.
Event Information
| Date (UTC) | Description |
| 2010-01-22 02:28 |
JPCERT/CC JPCERT-AT-2010-0004: Zero-day Vulnerability in Microsoft Internet Explorer |
| 2010-01-21 23:24 |
Microsoft ms10-jan: Microsoft Security Bulletin Summary for January 2010 Included in this advisory are updates for newly discovered vulnerabilities. |
| 2010-01-21 21:21 |
Microsoft Microsoft Security Advisory (979352): Vulnerability in Internet Explorer Could Allow Remote Code Execution Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS10-002 to address this issue. |
| 2010-01-21 20:54 |
US-CERT TA10-021A: Microsoft Internet Explorer Vulnerabilities Via US-CERT Mailing List |
| 2010-01-21 17:57 |
US-CERT Microsoft Releases Cumulative Security Update for Internet Explorer US-CERT Current Activity Microsoft has released Security Bulletin MS10-002 as a Cumulative Security Update for Internet Explorer. This update addresses multiple vulnerabilities that when exploited, may allow an attacker to execute arbitrary code. |
| 2010-01-20 21:14 |
Microsoft ms10-jan: Microsoft Security Bulletin Advance Notification for January 2010 (out-of-band) This is an advance notification of one out-of-band security bulletinthat Microsoft is intending to release on January 21, 2010. |
| 2010-01-19 21:16 |
Symantec ThreatCON (2) => (2) The ThreatCon is at level 2. Microsoft has released a security advisory and mitigation for a new unpatched vulnerability affecting Internet Explorer. |
| 2010-01-18 08:01 |
JPCERT/CC JPCERT-AT-2010-0004: Zero-day Vulnerability in Microsoft Internet Explorer |
| 2010-01-15 21:35 |
SANS Internet Storm Center Exploit code available for CVE-2010-0249 The details for CVE-2010-0249 aka Microsoft Security Advisory 979352 (http://www.microsoft.com/technet/security/advisory/979352.mspx) aka the Aurora exploit has been made public. It is a vulnerability in mshtml.dll that works as advertised on IE6 but if DEP is enabled on IE7 or IE8 the exploit does not execute code. |
| 2010-01-15 17:29 |
McAfee "Aurora" Exploit In Google Attack Now Public McAfee Security Insights Blog Computer code that exploits a yet-to-be-patched vulnerability in Internet Explorer is now publicly available on the Internet. |
| 2010-01-15 |
CERTA (Centre d'Expertise Gouvernemental de Reponse et de Traitement des Attaques informatique) Vulnerabilite dans Microsoft Internet Explorer |
| 2010-01-15 |
BSI (Bundesamt fur Sicherheit in der Informationstechnik) Kritische Sicherheitslucke im Internet Explorer |
| 2010-01-15 |
Bugtraq Internet Explorer CVE-2010-0249 Remote Code Execution Vulnerability Vulnerability Proof Of Concept (CVE-2010-0249) #Cid: 37815.py #Tested: cpe:/o:microsoft:windows_xp::sp2 + cpe:/a:microsoft:ie:6 |
| 2010-01-14 23:54 |
Microsoft Microsoft Security Advisory (979352): Vulnerability in Internet Explorer Could Allow Remote Code Execution Advisory published. Microsoft is investigating new public reports of a vulnerability in Internet Explorer. |
| 2010-01-14 22:49 |
US-CERT Microsoft Releases Security Advisory 979352 US-CERT Current Activity Microsoft has released Security Advisory 979352 to alert users of a vulnerability in Microsoft Internet Explorer. The advisory indicates that exploitation of this vulnerability may allow an attacker to execute arbitrary code. Microsoft also indicates that it is aware of public, active exploitation of this vulnerability. |
| 2010-01-14 22:19 |
SANS Internet Storm Center 0-day vulnerability in Internet Explorer 6, 7 and 8 Microsoft just published an advisory about a critical security vulnerability in all versions of Internet Explorer. |
| 2010-01-14 20:48 |
McAfee More Details on "Operation Aurora" Computer Security Research - McAfee Labs Blog Earlier today, George Kurtz posted an entry, 'Operation "Aurora" Hit Google, Others', on the McAfee's Security Insight blog. The purpose of this blog is to answer questions about this particular attack; fill in some of the threat flow and McAfee coverage details. |
| 2010-01-14 15:34 |
McAfee Operation "Aurora" Hit Google, Others McAfee Security Insights Blog McAfee Labs has been working around the clock, diving deep into the attack we are now calling Aurora that hit multiple companies and was publicly disclosed by Google on Tuesday. |
| 2010-01-13 |
McAfee Exploit-Comele |
| 2010-01-12 12:00 |
Google A new approach to China |
| 2009-08-14 |
Zero Day Initiative (ZDI) ZDI-10-014: Microsoft Internet Explorer item Object Memory Corruption Remote Code Execution Vulnerability HTML Object Memory Corruption Vulnerability (CVE-2010-0248) Reported The specific flaw exists in the handling of cloned DOM objects in JavaScript. A specially crafted sequence of object cloning can result in the use of a pointer after it has been freed. Successful exploitation can lead to remote system compromise under the credentials of the currently logged in user. |
| 2009-07-16 |
Zero Day Initiative (ZDI) ZDI-10-012: Microsoft Internet Explorer Baseline Tag Rendering Remote Code Execution Vulnerability Uninitialized Memory Corruption Vulnerability (CVE-2010-0246) Reported The specific flaw exists due to the application rendering intertwined strike and center tags containing an element that manipulates the font baseline such as 'sub' or 'sup'. When this element pointer is removed the application will later dereference it even though it has been freed. Successful exploitation can lead to arbitrary code execution under the context of the currently logged in user. |
| 2009-07-14 |
Zero Day Initiative (ZDI) ZDI-10-013: Microsoft Internet Explorer Table Layout Reuse Remote Code Execution Vulnerability Uninitialized Memory Corruption Vulnerability (CVE-2010-0245) Reported The specific flaw exists when specific elements are used within a table container. If one of these elements is removed the application will unlink the element from the layout tree incorrectly. When this tree is later traversed, the application will reuse the object that has been freed which can lead to code execution under the context of the current user. |
| 2009-07-14 |
Zero Day Initiative (ZDI) ZDI-10-011: Microsoft Internet Explorer Table Layout Col Tag Cache Update Remote Code Execution Vulnerability Uninitialized Memory Corruption Vulnerability (CVE-2010-0244) Reported The specific flaw exists when a Col element is used within an HTML table container. If this element is removed while the table is in use a cache that exists of the table's cells will be used after one of it's elements has been invalidated. This can lead to code execution under the context of the currently logged in user. |