Think you have a false positive on this rule?

Sid 1-45154

Message

BROWSER-IE Microsoft Internet Explorer dynamic style update memory corruption attempt

Summary

This event is generated when a dynamic style update memory corruption attempt is detected in Microsoft Internet Explorer.

Impact

Attempted User Privilege Gain

CVE-2009-0075:

CVSS base score 9.3

CVSS impact score 10.0

CVSS exploitability score 8.6

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

CVE-2009-0076:

CVSS base score 9.3

CVSS impact score 10.0

CVSS exploitability score 8.6

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Detailed information

CVE-2009-0075: Microsoft Internet Explorer 7 does not properly handle errors during attempted access to deleted objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to CFunctionPointer and the appending of document objects, aka "Uninitialized Memory Corruption Vulnerability."

CVE-2009-0076: Microsoft Internet Explorer 7, when XHTML strict mode is used, allows remote attackers to execute arbitrary code via the zoom style directive in conjunction with unspecified other directives in a malformed Cascading Style Sheets (CSS) stylesheet in a crafted HTML document, aka "CSS Memory Corruption Vulnerability."

Affected systems

  • microsoft internet_explorer 7

Ease of attack

CVE-2009-0075:

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

CVE-2009-0076:

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

False positives

False negatives

Corrective action

Contributors

  • Cisco's Talos Intelligence Group

Additional References

  • technet.microsoft.com/en-us/security/bulletin/MS09-002