21.01.10 Internet Explorer CVE-2010-0249 Remote Code Execution Vulnerability
BugSec group’s On Line Fraud Research team, Versafe, found and reported a critical vulnerability in Internet Explorer in August 2009. The vulnerability was reported to Microsoft and addressed in the patch released on Jan. 21, 2010.
This vulnerability was used in an attack against Google's accounts and was reported on Wednesday, August 26, 2009 2:54 PM (GMT +2:00).
The mitigation from Microsoft is to disable Active Scripting.
The exploit is in the wild.
Microsoft Internet Explorer 8
Microsoft Internet Explorer 7.0
Microsoft Internet Explorer 6.0 SP1
Microsoft Internet Explorer 6.0
When an event is invoked, a value containing the event details is sent to
the event handler.
One of the members of this value is 'srcElement', which points to the object
that triggered the event.
The problem occurs in the following situation:
1. Invoking an event on page using a certain object ('input', 'img' and
2. Duplicating the event in memory and saving it as a global value.
3. After exiting the event handler, deleting the object that created the
event (the 'input', 'img', etc.).
4. Trying to access the 'srcElement' will crash the browser due to memory
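
The lifetime problem in the four steps above can be modelled without touching freed memory. The following C program is an added illustration, not code from the advisory or from Internet Explorer: the element pool, the generation counter and every function name are hypothetical. It shows a saved event resolving to whatever reused the deleted element's slot, next to a checked lookup that rejects the stale reference.

```c
#include <stdio.h>
#include <string.h>

/* Toy model (constructed): a 4-slot pool stands in for the element heap. */
#define SLOTS 4
typedef struct { char tag[8]; unsigned gen; int live; } Element;
typedef struct { int slot; unsigned gen; } Event;  /* srcElement as slot + generation */
static Element pool[SLOTS];
static Event saved_event;                          /* step 2: the global copy */

static int create_element(const char *tag) {
    for (int i = 0; i < SLOTS; i++)
        if (!pool[i].live) {                       /* first free slot is reused */
            snprintf(pool[i].tag, sizeof pool[i].tag, "%s", tag);
            pool[i].live = 1;
            return i;
        }
    return -1;
}

static void delete_element(int slot) {
    pool[slot].live = 0;
    pool[slot].gen++;                              /* invalidates earlier handles */
}

static Event fire_event(int slot) { Event e = { slot, pool[slot].gen }; return e; }

/* Unsafe: trusts the slot, like a raw pointer that holds no reference. */
static const char *src_element_unchecked(const Event *e) { return pool[e->slot].tag; }

/* Safe: a dead slot or a changed generation means the source object is gone. */
static const char *src_element_checked(const Event *e) {
    const Element *el = &pool[e->slot];
    return (el->live && el->gen == e->gen) ? el->tag : NULL;
}

/* Replays steps 1-4; returns what the stale event sees without the check. */
static const char *replay_steps(void) {
    memset(pool, 0, sizeof pool);
    int input = create_element("input");
    saved_event = fire_event(input);               /* steps 1-2: fire and keep a copy */
    delete_element(input);                         /* step 3: source object deleted */
    create_element("div");                         /* unrelated object reuses the slot */
    return src_element_unchecked(&saved_event);    /* step 4: stale access */
}

int main(void) {
    const char *stale = replay_steps();
    const char *checked = src_element_checked(&saved_event);
    printf("unchecked: %s, checked: %s\n", stale, checked ? checked : "(null)");
    return 0;
}
```

In the model the unchecked lookup returns a different object's data; in a real process the same access reads freed memory, which is why the saved event must either keep its source object alive or be validated before use.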