1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. HTTP MSIE CSS File Memory Corruption

HTTP MSIE CSS File Memory Corruption

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature will detect attempts to exploit a memory corruption vulnerability in Internet Explorer.

Additional Information

Microsoft Internet Explorer is a web browser available for Microsoft Windows.

Internet Explorer is prone to a remote memory-corruption vulnerability. This issue occurs when parsing cascading style sheet (CSS) expressions in web pages. Specifically, the issue is triggered when specially crafted '@import url()' statements are parsed, which may result in a use-after-free condition within the "mshtml.dll" library.

Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

Successfully exploiting this issue may allow attackers to execute arbitrary code in the context of the application. Failed exploit attempts will result in denial-of-service conditions.

Internet Explorer versions 6 and 8 are vulnerable.

Affected

  • Various

Response

Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.

Additional References

  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube