2 new vulnerabilities in Internet Explorer
Integer overflow and heap overflow in T2EMBED.DLL
A vulnerability that could allow arbitrary code execution was discovered in the Microsoft Embedded OpenType Font Engine library (T2EMBED.DLL). Internet Explorer uses this library to handle the fonts it loads in the EOT format. Other applications that use the library (for example, Microsoft Office) are also vulnerable.
Affected systems: Windows XP SP2, SP3; Windows Server 2003 SP2; Windows Vista RTM, SP1, SP2; Windows Server 2008.
On July 14, 2009, Microsoft released a patch covering this vulnerability:
www.microsoft.com/technet/security/bulletin/MS09-029.mspx
Interestingly, the first report of the vulnerability was sent to Microsoft on August 25, 2008, and a working example of its exploitation followed on September 22, 2008. The vulnerability thus remained open for 323 days.
References:
- labs.idefense.com/intelligence/vulnerabilities/display.php?id=811
- www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0231
- www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0232
- www.microsoft.com/technet/security/bulletin/MS09-029.mspx
Memory corruption in msvidctl.dll standard ActiveX control
A vulnerability that could allow arbitrary code execution has been found in an ActiveX control. msvidctl.dll is distributed with Windows and is installed by default.
The vulnerable version of the library is distributed with: Windows XP SP2, SP3; Windows Server 2003 SP2.
There is a public exploit for this vulnerability and there are reports of its use to infect computers.
Microsoft “closed” this vulnerability in the usual way: by setting the ActiveX kill bit, which prevents Internet Explorer from loading this ActiveX control. The library code itself, however, remains unchanged after the patch is applied.
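Because the fix is a registry flag and not a code change, it is worth confirming that the flag is actually present on each machine. The following is an added example, not part of the original article: it reads the text of a `reg export` of Internet Explorer's ActiveX Compatibility key and reports whether the kill bit (0x400 in "Compatibility Flags") is set for each CLSID of interest. The CLSIDs and the sample export are constructed placeholders; the real CLSIDs come from the vendor advisory.

```python
import re

# Key under which Internet Explorer reads per-control compatibility flags.
COMPAT_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility"
KILL_BIT = 0x00000400  # bit in "Compatibility Flags" that stops IE instantiating the control

# Constructed sample of a `reg export` of that key; all CLSIDs are placeholders.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-000000000001}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-000000000002}]
"Compatibility Flags"=dword:00800000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-000000000003}]
"Compatibility Flags"=dword:00800400
'''

FLAGS_RE = re.compile(r'^"Compatibility Flags"=dword:([0-9a-f]{8})$', re.IGNORECASE)


def parse_compat_flags(export_text):
    """Return {CLSID in upper case: Compatibility Flags value} from .reg export text."""
    flags, current = {}, None
    prefix = COMPAT_KEY.upper() + "\\"
    for line in export_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].upper()
            # Track only subkeys of the ActiveX Compatibility key.
            current = key[len(prefix):] if key.startswith(prefix) else None
        elif current:
            match = FLAGS_RE.match(line)
            if match:
                flags[current] = int(match.group(1), 16)
    return flags


def audit_kill_bits(export_text, clsids):
    """Map each requested CLSID to True only if its kill bit is set in the export."""
    flags = parse_compat_flags(export_text)
    # A missing subkey or a flags value without 0x400 both mean the control can still load.
    return {c: bool(flags.get(c.upper(), 0) & KILL_BIT) for c in clsids}


if __name__ == "__main__":
    wanted = ["{00000000-0000-0000-0000-00000000000%d}" % i for i in range(1, 5)]
    for clsid, killed in audit_kill_bits(SAMPLE_EXPORT, wanted).items():
        print(clsid, "kill bit set" if killed else "NOT blocked")
```

Files written by `reg export` are UTF-16, so decode them with that encoding before passing the text in.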
References: