MS IE 7 Event Handler Memory Corruption

June 19, 2009

A vulnerability has been discovered in the Microsoft Internet Explorer web browser. The problem exists in the browser's method of handling certain DHTML objects. Several event types have been identified as problematic when repeatedly called during an ongoing dynamic web page modification. These events are as follows:

  • onbeforedeactivate
  • onbeforeactivate
  • ondeactivate
  • onactivate
  • onfocusout
  • onfocusin

Due to improper reuse of memory while processing repeated calls to events that change the markup of the HTML document, this flaw can lead to memory corruption. This may consequently lead to the injection and execution of arbitrary code.

Remote attackers may exploit this vulnerability by enticing the target user to view a malicious HTML document. Exploitation of this flaw is not considered a trivial task. Nevertheless, the popularity of the affected application makes this vulnerability a significant risk.

SonicWALL has deployed an IPS signature that will detect specific exploits targeting this vulnerability. The following signature addresses this issue:

  • 5543 - MS IE Event Handler Memory Corruption PoC (MS09-019)
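
A rough triage heuristic for the condition described above, added here as an example; it is not SonicWALL's signature 5543 and not code from this advisory. It flags handlers for the listed events, whether inline or assigned in script, and records whether they also touch the markup. The mutator list, the `scan` function and the sample page are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

# Event names from the advisory's list, using IE's spellings ondeactivate/onactivate.
EVENTS = ("onbeforedeactivate", "onbeforeactivate", "ondeactivate",
          "onactivate", "onfocusout", "onfocusin")
# Assumption: "changes the markup" is approximated by these common DOM mutators.
MUTATORS = re.compile(r"\b(innerHTML|outerHTML|insertAdjacentHTML|appendChild|"
                      r"removeChild|replaceChild|removeNode|document\.write)\b")
EVENT_REF = re.compile(r"\b(" + "|".join(EVENTS) + r")\b", re.I)
# Constructed, benign sample page used only to exercise the scanner.
SAMPLE = """<input onfocusin="document.getElementById('s').innerHTML = 'editing'">
<input onfocusout="validate(this)">
<script>
document.body.onbeforedeactivate = function () { document.body.appendChild(x); };
</script>"""

class HandlerScanner(HTMLParser):
    """Collects (line, where, event, mutates_markup) for the listed events."""
    def __init__(self):
        super().__init__()
        self.findings = []
        self._script = None      # [start_line, text] while inside <script>

    def handle_starttag(self, tag, attrs):
        line = self.getpos()[0]
        if tag == "script":
            self._script = [line, ""]
        for name, value in attrs:
            if name in EVENTS:   # inline handler; parser lowercases the name
                mutates = bool(MUTATORS.search(value or ""))
                self.findings.append((line, f"<{tag}>", name, mutates))

    def handle_data(self, data):
        if self._script:
            self._script[1] += data

    def handle_endtag(self, tag):
        if tag == "script" and self._script:
            (line, body), self._script = self._script, None
            mutates = bool(MUTATORS.search(body))   # coarse: whole script block
            for event in sorted({e.lower() for e in EVENT_REF.findall(body)}):
                self.findings.append((line, "<script>", event, mutates))

def scan(html_text):
    scanner = HandlerScanner()
    scanner.feed(html_text)
    scanner.close()
    return scanner.findings
```

Legitimate pages use these events too, so a hit with `mutates_markup` set is a prompt for review, not a verdict.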