The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Internet Explorer 8: use after free via CMarkup

Synthesis of the vulnerability 

An attacker can use a freed memory area in the CMarkup class of Internet Explorer, in order to trigger a denial of service, and possibly to execute code.
Vulnerable products: IE, Windows 2003, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 7, Windows 8, Windows RT, Windows Vista.
Severity of this weakness: 3/4.
Creation date: 22/05/2014.
Références of this bulletin: 2969262, CVE-2014-1770, MS14-035, VIGILANCE-VUL-14790, VU#239151, ZDI-14-140.

Description of the vulnerability 

The Internet Explorer product uses the MSHTML!CMarkup class when a web document is processed.

The CollectGarbage() method can free a pointer allocated by CMarkup::CreateInitialMarkup(), however it is then reused.

An attacker can therefore use a freed memory area in the CMarkup class of Internet Explorer, in order to trigger a denial of service, and possibly to execute code.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This weakness note impacts software or systems such as IE, Windows 2003, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 7, Windows 8, Windows RT, Windows Vista.

Our Vigil@nce team determined that the severity of this threat note is important.

The trust level is of type confirmed by the editor, with an origin of document.

A proof of concept or an attack tool is available, so your teams have to process this alert. An attacker with a technician ability can exploit this computer weakness.

Solutions for this threat 

Internet Explorer: patch.
A patch is available in information sources.

Internet Explorer 8: workaround for CMarkup.
A workaround is to:
 - install Internet Explorer 11
 - use EMET (http://support.microsoft.com/kb/2458544)
 - disable scripts
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

Computer vulnerabilities tracking service 

Vigil@nce provides a software vulnerability database. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system.