Follow:

Exploit:Win/MSIE.ParameterValidation.RCE!CVE-2008-4258

Severity rating
Critical

Class/Type
Exploit

Discovered date
2008-12-09T00:00:00

Attack vector
Remote

Authentication required
No

Public exploits available
Yes

Signature detection
Medium



On this page




Description

A remote code execution vulnerability exists in the way Internet Explorer handles certain navigation methods. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user.



Impact

An attacker who successfully exploited the remote code execution vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.



Technical details (analysis)

An attacker could host a specially crafted Web site that is designed to exploit the vulnerability through Internet Explorer and then convince a user to visit the Web site. The attacker could also take advantage of compromised Web sites and Web sites that accept or host user-provided content or advertisements. These Web sites could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these Web sites. Instead, an attacker would have to convince users to visit the Web site, typically by getting them to click a link in an e-mail message or in an Instant Messenger message that takes users to the attacker's Web site. It could also be possible to display specially crafted Web content by using banner advertisements or by using other methods to deliver Web content to affected systems.



Affected software

Internet Explorer 5.01
Internet Explorer 6 Service Pack 1.
Internet Explorer 6.
Internet Explorer 7



Non-affected software

All applications not in the affected list



References




Solutions




NIS signature

Name: Exploit:Win/MSIE.ParameterValidation.RCE!CVE-2008-4258
Release Date: 2008-12-09T00:00:00



Known false positives

This signature can cause false positives if you are not running any of the affected software versions or if you've already applied the patch.



Work-arounds

Prevent COM objects from running in Internet Explorer