Currently Unpatched Windows / Internet Explorer Vulnerabilities

Thanks to our reader Dan for getting this started. Here is a preliminary table on various Internet Explorer and Windows vulnerabilities that are as of yet unpatched.Let me know if I forgot one. I originally planned to include some of the older issues, but none of them appears to be as relevant/serious as the issues in this list.

CVE	Name	Release Date	Affected	Exploit and comments	Mitigation
no CVE	Use after free error within "mshtml.dll"	Jan 5th 2011	IE 7,8	http://www.vupen.com/english/advisories/2011/0026
CVE-2010-3970	Graphics Rendering Engine	Jan 4th 2011	Windows XP/VIsta (not: 7, 2008 R2)	Available	Disable shimgvw.dll MSFT Advisory #2490606
no CVE	WMI ActiveX Control	Dec 23rd 2010	IE with WMI ActiveX Control installed	See this Websense blog for details	set killbit on affected ActiveX control
CVE-2010-3971	CSS Import Rule Processing Use-After-Free Vulnerability	Dec 14th 2010	IE 6,7,8	PoC available. Critical	Enhanced Mitigation Experience Toolkit MSFT Advisory #2488013

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter

I will be teaching next: Application Security: Securing Web Apps, APIs, and Microservices - SANSFIRE 2022

Johannes

4504 Posts
ISC Handler

Jan 5th 2011

Thread locked Subscribe

Jan 5th 2011
1 decade ago

Vuln. in IIS FTP from just before xmas:
http://blogs.technet.com/b/srd/archive/2010/12/22/assessing-an-iis-ftp-7-5-unauthenticated-denial-of-service-vulnerability.aspx

Anonymous

Quote

Jan 6th 2011
1 decade ago

VUPEN has a whole list of unpatched Windows vulnerabilities:

http://www.vupen.com/english/Unpatched-Microsoft-Vulnerabilities.php

Anonymous

Quote

Jan 6th 2011
1 decade ago