December 11, 2008
Internet Explorer XML Processing Memory Corruption
Executive Summary
A remote code execution vulnerability exists in Microsoft Internet Explorer. An attacker who successfully exploits this vulnerability could take complete control of an affected system.
Scope of Vulnerabilities
Microsoft Internet Explorer does not properly process crafted XML tags, specifically the SPAN tag, which causes memory corruption. This could allow an attacker to execute arbitrary code on the system and thereby take complete control of the system. There are public exploits and reports of limited attacks against this vulnerability. At this time Microsoft has not yet issued a security patch to address this issue.
Third Brigade has issued a security update for its customers that mitigates the risk of exploiting this vulnerability over the network.
Details of this vulnerability are available at: http://labs.thirdbrigade.com
Information on the Microsoft security patch is available at:
http://www.microsoft.com/technet/security/advisory/961051.mspx
Software Protected by Third Brigade
- Microsoft Internet Explorer
Third Brigade customers are advised to apply today’s update containing the latest filters that protect against this and other vulnerabilities. All Third Brigade product filter updates are available to customers at:
http://labs.thirdbrigade.com
For more information, please contact:
Third Brigade, Inc.
Customer Support
Toll free: 1-866-684-7332
Tel: 1-613-599-4505
support@thirdbrigade.com