MS IE 7 Event Handler Memory Corruption (June 19, 2009)

A vulnerability has been discovered in the Microsoft Internet Explorer web browser. The problem exists in the browser’s method of handling certain DHTML objects. Several event types have been identified as problematic when repeatedly called during an ongoing dynamic web page modification. These events are as follows:

• onbeforedeactivate
• onbeforeactivate
• ondeactive
• onactive
• onfocusout
• onfocusin

Due to improper reuse of memory while processing repeated calls to events that change the markup of the HTML document, this flaw can lead to memory corruption. This may consequently lead to the injection and execution of arbitrary code.

Remote attackers may exploit this vulnerability by enticing the target user to view a malicious HTML document. Exploitation of this flaw is not considered a trivial task. Nevertheless, the popularity of the affected application makes this vulnerability a significant risk.

SonicWALL has deployed an IPS signature that will detect specific exploits targeting this vulnerability. The following signature addresses this issue:

• 5543 – MS IE Event Handler Memory Corruption PoC (MS09-019)

Security News

The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.