Vulnerability Details Advisory Title: Microsoft Internet Explorer SVG animateMotion.by Code Execution Vulnerability ID: - ZDI-08-006 - ZDI-CAN-243 CVE ID: CVE-2008-0077 CVSS Score: (not provided in the given information) Affected Vendor: Microsoft Affected Product: Internet Explorer Trend Micro Customer Protection: Trend Micro TippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter ID [5923]. Vulnerability Details: - The vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability; the target must visit a malicious page. - The flaw is in the handling of the "by" property of an animateMotion SVG element. Memory corruption occurs during the destruction of a Variant data type, leading to an overwrite of a virtual function address, enabling arbitrary code execution. Additional Details: Microsoft has issued an update to correct this vulnerability. More details are available at Microsoft Security Bulletin MS08-010. Disclosure Timeline: - 2007-09-17: Vulnerability reported to vendor - 2008-02-12: Coordinated public release of advisory Credit: Anonymous