FYI...
Microsoft Security Advisory (2488013)
Vulnerability in -IE- Could Allow Remote Code Execution
- http://www.microsoft.com/technet/sec...y/2488013.mspx
• V1.1 (December 31, 2010): Revised Executive Summary to reflect investigation of targeted attacks.
December 22, 2010 - "Microsoft is investigating new, public reports of a vulnerability in all supported versions of Internet Explorer. The main impact of the vulnerability is remote code execution. This advisory contains workarounds and mitigations for this issue. The vulnerability exists due to the creation of uninitialized memory during a CSS function within Internet Explorer. It is possible under certain conditions for the memory to be leveraged by an attacker using a specially crafted Web page to gain remote code execution. On completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs.Currently, Microsoft is unaware of any active exploitation of this vulnerability..."
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2010-3971
Last revised: 12/23/2010
CVSS v2 Base Score: 9.3 (HIGH)
- http://blogs.technet.com/b/msrc/arch...y-2488013.aspx
22 Dec 2010
- http://secunia.com/advisories/42510
Last Update: 2010-12-23
Criticality level: Highly critical
Impact: System access
Where: From remote
Solution Status: Unpatched...
- http://www.securitytracker.com/id?1024922
Dec 23 2010