MS IE Aurora Memory Corruption (Jan 15, 2010)


A 0day memory corruption vulnerability, codenamed Aurora, in the Internet Explorer browser has been disclosed. Most versions of the product are affected by the flaw. The vulnerability can be leveraged by accessing a freed or deleted DOM object through scripting. This action manifests itself internally as an invalid memory pointer reference which can in turn be manipulated to divert process flow of the browser. Exploitation resulting in code execution has been proven to be rather consistent and stable across all vulnerable versions of the affected product except for version 7 and 8 providing that DEP has been enabled.

The vulnerability is reported to have been exploited in targeted attacks. Exploitation requires the attacker to entice the target user to follow an HTTP link to the site hosting malicious code. The target browser has to have scripting enabled to be vulnerable.

Due to the nature of the bug and the virtually limitless ways of hiding or otherwise obfuscating malicious code exploiting the flaw, it is not feasible to develop an IPS signature that would encompass all attack cases. However, SonicWALL already has numerous existing IPS signatures that detect and block popular shell code used in HTML attacks which may be blocking attacks targeting this flaw. SonicWALL has released an additional IPS signature addressing the publicly released exploit and its variations. The following signature has been released:

  • 4711 – Javascript ASCII Table Lookup Attempt

The vendor has released a security advisory addressing this issue. Mitre has assigned the vulnerability the id CVE-2010-0249. A working public exploit has also been released by the metasploit project.

Security News
The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.