Microsoft Internet Explorer MSADO CacheSize Remote Code Execution VulnerabilityZDI-12-158: August 22nd, 2012
TippingPoint™ IPS Customer ProtectionTippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter ID 10761. For further product information on the TippingPoint IPS:
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the MSADO component. When handling the a user specified CacheSize property the process uses this value to calculate the 'real' cache size. This value is used without proper validation. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser. This bug is a failed fix for CVE-2011-0027 / http://www.zerodayinitiative.com/advisories/ZDI-11-002/
Vendor ResponseMicrosoft has issued an update to correct this vulnerability. More details can be found at:
2012-02-13 - Vulnerability reported to vendor
2012-08-22 - Coordinated public release of advisory
CreditThis vulnerability was discovered by: