Microsoft Internet Explorer XML Handling Remote Code Execution Vulnerability

Microsoft Internet Explorer XML Handling Remote Code Execution Vulnerability

References:

Clarification on the various workarounds from the recent IE advisory (Microsoft)
Alert: IE70DAY attack code has been linked to the use of trojan horse (GreySign)
CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition (CWE)
Microsoft Internet Explorer Homepage (Microsoft)
Microsoft Security Advisory 961051 Updated (Microsoft Security Response Center (MSRC))
Microsoft Security Bulletin Advance Notification for December 2008 (Microsoft)
MS08-078 and the SDL (Microsoft)
New Web attack exploits unpatched IE flaw (Robert McMillan)
ASA-2008-510 - MS08-078 Security Update for Internet Explorer (960714) (Avaya)
EEYEZD-20081209 Microsoft Internet Explorer 7 XML Zero-Day (eEye Digital Security)
HPSBST02397 SSRT080187 rev.1 - Storage Management Appliance (SMA), Microsoft Pat (HP)
Microsoft Security Advisory 961051 (Microsoft)
Microsoft Security Bulletin MS08-078 (Microsoft)
Nortel Response to Microsoft Security Bulletin MS08-078 (Nortel Networks)
VU#493881 - Microsoft Internet Explorer 7 XML parsing memory corruption (US-CERT)

Privacy Statement
Copyright 2010, SecurityFocus