[SingCERT] Microsoft Internet Explorer CSS Parsing Remote Memory Corruption Vulnerability

[ Summary ]

Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability.

This issue occurs when parsing cascading style sheet (CSS) expressions in web pages. Specifically, the issue is triggered when specially crafted '@import url()' statements are parsed, which may result in a use-after-free condition within the "mshtml.dll" library. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.
Proof-of-concept and exploit code is available

[ Affected Systems ]

Internet Explorer versions 6 and 8 are vulnerable.

[ Impact Analysis ]

Successfully exploiting this issue may allow attackers to execute arbitrary code in the context of the application. Failed exploit attempts will result in denial-of-service conditions.

[ Solution/Workaround ]

No Solution at this moment.
Workaround:
Run all software as a non privileged user with minimal access rights.
To reduce the impact of latent vulnerabilities, always run non administrative software as an unprivileged user with minimal access rights.

[ Reference ]

• http://www.microsoft.com/technet/security/advisory/2488013.mspx