This security update is rated Critical for all supported releases of Internet Explorer: Internet Explorer 5.01, Internet Explorer 6, Internet Explorer 6 Service Pack 1, Internet Explorer 7, and Internet Explorer 8 (except Internet Explorer 6 for supported editions of Windows Server 2003). For Internet Explorer 6 for supported editions of Windows Server 2003 as listed, this update is rated Moderate.
[...]
Microsoft thanks the following for working with us to help protect customers:
- David Lindsay "thornmaker" and Eduardo A. Vela Nava "sirdarckcat" for reporting the XSS Filter Script Handling Vulnerability (CVE-2009-4074)
- Lostmon Lords for reporting the URL Validation Vulnerability (CVE-2010-0027)
- Brett Moore, working with TippingPoint and the Zero Day Initiative, for reporting the URL Validation Vulnerability (CVE-2010-0027)
- Wushi of team509, working with TippingPoint and the Zero Day Initiative, for reporting the Uninitialized Memory Corruption Vulnerability (CVE-2010-0244)
- Sam Thomas of eshu.co.uk, working with TippingPoint and the Zero Day Initiative, for reporting the Uninitialized Memory Corruption Vulnerability (CVE-2010-0245)
- Sam Thomas of eshu.co.uk, working with TippingPoint and the Zero Day Initiative, for reporting the Uninitialized Memory Corruption Vulnerability (CVE-2010-0246)
- Haifei Li of Fortinet’s FortiGuard Labs for reporting the Uninitialized Memory Corruption Vulnerability (CVE-2010-0247)
- Peter Vreugdenhil, working with TippingPoint and the Zero Day Initiative, for reporting the HTML Object Memory Corruption Vulnerability (CVE-2010-0248)
- Meron Sellem of BugSec for reporting the HTML Object Memory Corruption Vulnerability (CVE-2010-0249)
- Google Inc. and MANDIANT
- Adobe
- McAfee
- French government CSIRT (CERTA)
Of the nine vulnerabilities fixed in this patch, five were reported via TippingPoint's ZDI program.
For those keeping track, CVE-2010-0249 is the zeroday that was used in "Operation Aurora".
No comments:
Post a Comment