Welcome to the Virus Encyclopedia of Panda Security.
MS10-053 is not categorized as a virus, worm, Trojan or backdoor. It is a group of critical vulnerabilities in Internet Explorer on Windows 7/2008/Vista/2003/XP computers that allow arbitrary code to be executed remotely and information to be disclosed. Affected versions of Internet Explorer are 6, 7 and 8.
The addressed vulnerabilities are:
- Event Handler Cross-Domain vulnerability: an information disclosure vulnerability that occurs because Internet Explorer does not correctly interpret the origin of script, allowing script to gain access to a browser window in another domain or Internet Explorer zone.
- Uninitialized Memory Corruption vulnerability: this remote code execution vulnerability occurs due to the way that Internet Explorer accesses an object which has not been correctly initialized or has been deleted.
- Race Condition Memory Corruption vulnerability: this remote code execution vulnerability is due to the way that Internet Explorer accesses an object that may have been corrupted due to a race condition.
- HTML Layout Memory Corruption vulnerability: a remote code execution vulnerability that happens when Internet Explorer attempts to access memory that has not been correctly initialized or has been deleted.
If exploited successfully, MS10-053 allows hackers to gain remote control of the affected computer with the same privileges as the logged-on user and to disclose information.
MS10-053 is usually exploited by creating a specially crafted web page and enticing users to view it. It could also be exploited by embedding an ActiveX control marked "safe for initialization" in an application or Office document that hosts the IE rendering engine. An attacker could also take advantage of compromised websites that accept or host user-provided content or advertisements.
If you have any of the vulnerable versions of Internet Explorer, it is recommended to download and apply the security patch for this vulnerability. Click here to access the web page for downloading the patch.
However, because this is a cumulative patch, make sure that you download the latest security patch available.