Integer overflow and heap overflow in T2EMBED.DLL
A vulnerability has been discovered in the Microsoft Embedded OpenType Font Engine (T2EMBED.DLL) library that allows arbitrary code execution. Internet Explorer uses this library to handle loaded EOT fonts. Other applications that use the library (for example, Microsoft Office) are also vulnerable.
Vulnerable systems: Windows XP SP2, SP3; Windows Server 2003 SP2; Windows Vista RTM, SP1, SP2; Windows Server 2008.
On July 14, 2009, Microsoft released a patch covering this vulnerability.
www.microsoft.com/technet/security/bulletin/MS09-029.mspx
Interestingly, the first report of the vulnerability was sent to Microsoft on August 25, 2008, and the working example of exploiting the vulnerability is dated September 22, 2008. Thus, the vulnerability remained unpatched for 323 days.
Memory corruption in the standard ActiveX control msvidctl.dll
A vulnerability was discovered in the msvidctl.dll ActiveX control that allows the execution of arbitrary code. msvidctl.dll is distributed with Windows and installed by default.
The vulnerable version of the library is distributed with: Windows XP SP2, SP3; Windows Server 2003 SP2.
There is a public exploit for this vulnerability and there are reports of its use to infect computers.
Microsoft “closed” this vulnerability in the usual way: by setting the kill bit (ActiveX Kill Bit), which prevents Internet Explorer from loading this ActiveX component. However, the library code remains unchanged after applying the patch.
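A way to check this state on a host, as an added example that is not part of the original page or Microsoft's code: the function reads the documented kill-bit location (the `Compatibility Flags` value, flag 0x400, under `ActiveX Compatibility`) and also reports the DLL the control is still registered with. The function name is hypothetical and the CLSID is a placeholder, since the page does not list the control's class identifiers.

```powershell
# Added example (not Microsoft's code). The CLSID passed at the bottom is a placeholder.
$KillBit = 0x400   # kill-bit flag inside the "Compatibility Flags" DWORD

function Test-ActiveXKillBit {
    param([Parameter(Mandatory = $true)][string[]]$Clsid)

    # 32-bit Internet Explorer on 64-bit Windows reads the Wow6432Node copy.
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
    )
    foreach ($id in $Clsid) {
        # The control stays registered after the kill bit is set, so report
        # its DLL as well (native registry view only).
        $server = $null
        $srvKey = "Registry::HKEY_CLASSES_ROOT\CLSID\$id\InprocServer32"
        if (Test-Path -LiteralPath $srvKey) {
            $server = (Get-ItemProperty -LiteralPath $srvKey).'(default)'
        }
        foreach ($root in $roots) {
            if (-not (Test-Path -LiteralPath $root)) { continue }
            $flags = $null
            $key = Join-Path $root $id
            if (Test-Path -LiteralPath $key) {
                $flags = (Get-ItemProperty -LiteralPath $key).'Compatibility Flags'
            }
            [pscustomobject]@{
                Clsid       = $id
                RegistryKey = $key
                Flags       = if ($null -ne $flags) { '0x{0:X8}' -f $flags } else { 'not set' }
                KillBitSet  = [bool]($flags -band $KillBit)
                ServerDll   = $server
            }
        }
    }
}

# Placeholder CLSID: replace with the class identifiers from the vendor advisory.
Test-ActiveXKillBit -Clsid '{00000000-0000-0000-0000-000000000000}' |
    Format-Table -AutoSize
```

A row with `KillBitSet` true and a non-empty `ServerDll` is the situation described above: Internet Explorer will refuse to load the control, but the unchanged library is still installed and registered.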