VUPEN Security Research - Microsoft Internet Explorer CSS @import Memory Corruption (Pwn2Own 2014)

2014-07-21T00:00:00
ID SECURITYVULNS:DOC:30933
Type securityvulns
Reporter Securityvulns
Modified 2014-07-21T00:00:00

Description

VUPEN Security Research - Microsoft Internet Explorer CSS @import Memory Corruption (Pwn2Own 2014)

Website : http://www.vupen.com

Twitter : http://twitter.com/vupen

I. BACKGROUND

"Microsoft Internet Explorer is a web browser developed by Microsoft and included as part of the Microsoft Windows line of operating systems with more than 60% of the worldwide usage share of web browsers." (Wikipedia)

II. DESCRIPTION

VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer.

The vulnerability is caused by a use-after-free vulnerability when manipulating CSS @import statements through "addImport()" or "removeImport()", which could be exploited by attackers to leak arbitrary memory or execute arbitrary code via a malicious web page.

III. AFFECTED PRODUCTS

Microsoft Internet Explorer 11 Microsoft Internet Explorer 10 Microsoft Internet Explorer 9

IV. SOLUTION

Apply MS14-037 security update.

V. CREDIT

This vulnerability was discovered by VUPEN Security.

VI. ABOUT VUPEN Security

VUPEN is the leading provider of defensive and offensive cyber security intelligence and advanced zero-day research. All VUPEN's vulnerability intelligence results exclusively from its internal and in-house R&D efforts conducted by its team of world-class researchers.

VUPEN Solutions: http://www.vupen.com/english/services/

VII. REFERENCES

https://technet.microsoft.com/library/security/ms14-037 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1763

VIII. DISCLOSURE TIMELINE

2014-01-24 - Vulnerability Discovered by VUPEN Security 2014-03-14 - Vulnerability Reported to ZDI / Microsoft During Pwn2Own 2014 2014-07-08 - Vulnerability Fixed by Microsoft 2014-07-16 - Public disclosure