MS IE CSS Parsing Memory Corruption (Dec 21, 2010)


Microsoft Internet Explorer is one of the most popular web browsers on the Internet. Internet Explorer is capable of rendering both static and dynamic web contents. It can also be used to download files, play multi-media contents and open different file formats using various plug-ins.

A use-after-free vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to the way Internet Explorer handles the creation and deletion of CSS (Cascading Style Sheets) objects. Remote attackers may exploit this vulnerability by enticing the target user to view a malicious HTML document, which allows injection and execution of arbitrary code.

SonicWALL has released several IPS signatures to detect and block known exploits targeting this vulnerability. The following signatures were released to address this issue:

  • 6094 – MS IE CSS Import Use-After-Free Code Execution 1
  • 6095 – MS IE CSS Import Use-After-Free Code Execution 2
  • 6096 – MS IE CSS Import Use-After-Free Code Execution 3

In addition to handling this specific threat, SonicWALL currently deploys a number of generic signatures which detect known shellcode patterns and evasion techniques that would likely be used during exploitation attempts of a vulnerability such as this one.

For more information about this vulnerability, please read SecurityFocus advisory Microsoft Internet Explorer CSS Parsing Remote Memory Corruption Vulnerability.

Security News
The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.