IDP Signatures for Microsoft Internet Explorer Zero-day vulnerability (CVE-2010-0249)

  [JSA10424]


Legacy Advisory Id:
PSN-2010-01-639
Product Affected:
This issue affects all unpatched versions of Internet Explorer 5, 6, 7, and 8.
Problem:
A zero-day vulnerability in Microsoft Internet Explorer has been made public. This issue has been assigned the Common Vulnerabilities and Exposures (CVE) identifier CVE-2010-0249. Refer to the Related Links section below for more details on this CVE vulnerability report.

Microsoft has also published Microsoft Security Advisory 979352, entitled "Vulnerability in Internet Explorer Could Allow Remote Code Execution," and Microsoft Security Bulletin MS10-002. Links to Microsoft's authoritative security advisory and bulletin are also listed below.
Solution:
The ultimate solution is to patch or update every affected version of Microsoft Internet Explorer. Because this may be impractical or take a significant amount of time, and because criminal exploitation of the Internet Explorer zero-day is currently rampant on the Internet, rapid mitigation techniques should be employed wherever possible.

Mitigation:
Juniper Networks has released two IDP signatures that can currently detect the exploitation of this vulnerability, although not the specific vulnerability itself. Please refer to the Juniper Networks Knowledge Base article KB16546 for details on how to obtain and apply this proven mitigation technique.
Related Links:
Severity Level:
Critical
Severity Assessment:
This vulnerability is considered Critical by Microsoft. In certain cases, the vulnerability could allow remote code execution if a user views a specially crafted Web page using Internet Explorer.