Summary:

A specially crafted HTML file can be handled improperly when parsed by Microsoft Internet Explorer, leading to execution of arbitrary code.

Impact:

Remote code execution.

Risk:

• Critical

Affected Software:

For a list of Internet Explorer versions affected, please see the Microsoft Security Bulletin reference below.

Additional Information:

The vulnerability results from a failure to update an array length after a data-bound object is released by Internet Explorer. This memory space is then accessible to a remote attacker, who is able to crash Internet Explorer and execute arbitrary code.

Solutions:

• The FortiGuard Global Security Research Team released the IPS signature "MS.IE.XML.Data.Binding.Memory.Corruption", which covers this specific vulnerability.
• Use the solution provided by Microsoft.

Fortinet customers who subscribe to Fortinet’s intrusion prevention (IPS) service should be protected against this invalid pointer reference vulnerability. Fortinet’s IPS service is one component of FortiGuard Subscription Services, which also offer comprehensive solutions such as antivirus, Web content filtering and antispam capabilities. These services enable protection against threats on both application and network layers. FortiGuard Services are continuously updated by the FortiGuard Global Security Research Team, which enables Fortinet to deliver a combination of multi-layered security intelligence and true zero-day protection from new and emerging threats. These updates are delivered to all FortiGate, FortiMail and FortiClient products. Fortinet strictly follows responsible disclosure guidelines to ensure optimum protection during a threat's lifecycle.

References:

• Microsoft Security Bulletin: MS08-078
• CVE ID: CVE-2008-4844