MS IE CSS Parsing Memory Corruption

December 21, 2010

Microsoft Internet Explorer is one of the most popular web browsers on the Internet. Internet Explorer is capable of rendering both static and dynamic web content. It can also be used to download files, play multimedia content and open different file formats using various plug-ins.

A use-after-free vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to the way Internet Explorer handles the creation and deletion of CSS (Cascading Style Sheets) objects. Remote attackers may exploit this vulnerability by enticing the target user to view a malicious HTML document, allowing injection and execution of arbitrary code.

SonicWALL has released several IPS signatures to detect and block known exploits targeting this vulnerability. The following signatures were released to address this issue:

  • 6094 - MS IE CSS Import Use-After-Free Code Execution 1
  • 6095 - MS IE CSS Import Use-After-Free Code Execution 2
  • 6096 - MS IE CSS Import Use-After-Free Code Execution 3

In addition to handling this specific threat, SonicWALL currently deploys a number of generic signatures that detect known shellcode patterns and evasion techniques likely to be used in attempts to exploit a vulnerability such as this one.

For more information about this vulnerability, please read the SecurityFocus advisory "Microsoft Internet Explorer CSS Parsing Remote Memory Corruption Vulnerability".