Internet Explorer on Windows Phone affected by 4 code-execution bugs

By Scorpus
Jul 24, 2015
Post New Reply
  1. Researchers have discovered and publicly detailed four vulernabilities with Internet Explorer on up-to-date and fully patched versions of Windows Phone that could give an attacker the ability to remotely execute code on a user's device.

    The research team at TippingPoint, owned by HP, first reported the issues to Microsoft in private in the hope that they would release a patch before word hit the streets. Microsoft asked for an extension beyond the normal four month privacy window given by TippingPoint, and these extensions expired on Sunday, allowing the researchers to publicly reveal the issues.

    The first of the vulnerabilities relates to how Internet Explorer on Windows Phone handles arrays representing HTML tables. The vulnerability allows an attacker, through careful manipulation of a webpage, to access memory beyond the end of an array of HTML cells, giving them a way to execute code.

    The other three vulnerabilities concern the handling of CAttrArray, CCurrentStyle, and CTreePos objects. Through the use of a malicious webpage, an attacker could "force a dangling pointer to be reused after it has been freed", again giving them a way to execute code.

    All four of the vulnerabilities allow code execution "under the context of the current process", which suggests that the code would be contained within Internet Explorer's sandbox. This would prevent the code from accessing critical system functionality, although only if the attack wasn't combined with the use of a separate privilege-escalation exploit.

    Microsoft is aware of the issues with Internet Explorer on Windows Phone, but it's unclear why the company hasn't issued a patch. In a statement to Ars Technica, Microsoft believes that "no attacks have been reported", saying the company will "continue to monitor the situation and will take appropriate steps to protect our customers."

    Permalink to story.

  2. bexwhitt

    bexwhitt TS Addict Posts: 289   +55

    Microsoft have not done anything because the NSA were using the exploit as a back door. into the three people who have a windows phone.
  3. Come on -- be nice. Everyone knows that it is "four people."
  4. risc32

    risc32 TS Booster Posts: 186   +75

    If you're counting me, it might be 5. I really like my win phone but I know they are hardly a player. I guess most people want lots of apps I don't and paying far far more for way less storage, and less freedom to have what you want were.
    . But honestly my win phone works very well except it crashes back to the desktop on webpages all the time. It's nuts, I don't recall win95 having problems like this.
  5. The article didn't specify which OS version is affected (WP7.x, WP8.x, WM10), as I believe there are different versions of IE in each (and Edge is the primary browser with WM10). This may make a difference to the 6 million Windows Phone users in the US.
  6. Call me Cynical..

    but isn't the Win10 r̶e̶l̶e̶a̶s̶e̶ containment imminent...

    " Did you know ?

    • Microsoft and HP have the longest-standing relationship in the industry –31 years

    • HP is the largest Microsoft Lync customer in the world with 350K seats deployed

    • HP servers are a benchmark platform for Microsoft technologies

    • HP is Microsoft’s #1 OEM partner worldwide

    • HP is Microsoft’s #1 Windows desktop deployment partner

    • HP is Microsoft’s #1 Lync voice deployment partne "-


Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...