TITLE:
Internet Explorer Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA21396
VERIFY ADVISORY:
http://secunia.c
om/advisories/21396/
CRITICAL:
Highly critical
IMPACT:
Exposure of sensitive information, System access
WHERE:
From remote
SOFTWARE:
Microsoft Internet Explorer 6.x
http://secunia.com/pro
duct/11/
Microsoft Internet Explorer 5.01
http://secunia.com/prod
uct/9/
DESCRIPTION:
Multiple vulnerabilities have been reported in Internet
Explorer,
which can be exploited by malicious people to gain knowledge
of
certain information or compromise a user's system.
1) An error in the interpretation of HTML with certain
layout
positioning combinations can be exploited to corrupt memory
and
execute arbitrary code via a specially crafted web page.
2) An error in the way chained Cascading Style Sheets (CSS)
are
handled can be exploited to corrupt memory and execute
arbitrary code
via a specially crafted web page.
3) Another error in the HTML rendering can be exploited to
corrupt
memory and execute arbitrary code via a specially crafted
web
page.
4) Errors in the way Internet Explorer instantiates COM
objects
not
intended to be instantiated in the browser can be exploited
to
execute arbitrary code via a specially crafted web page.
5) An error in the way the origin of a script is determined
can
be
exploited to run a script in another domain or security zone
than
intended via a specially crafted web page.
6) Script may persist across navigations making it possible
to
use
the script to access the window location of a web page in
another
domain or security zone.
SOLUTION:
Apply patches.
Internet Explorer 5.01 SP4 on Windows 2000 SP4:
http://www.microsof
t.com/downloads/details.aspx?FamilyId=0DE3F143-19A6-4F22-B53
B-B6A7DA33DAF4
Internet Explorer 6 SP1 on Windows 2000 SP4 or Windows XP
SP1:
http://www.microsof
t.com/downloads/details.aspx?FamilyId=B5F17679-3AA5-4D66-A81
E-F990FD0B48D2
Internet Explorer 6 for Windows XP SP2:
http://www.microsof
t.com/downloads/details.aspx?FamilyId=CDB85BCA-0C17-44AA-B74
E-F01B5392BB31
Internet Explorer 6 for Windows Server 2003 (optionally with
SP1):
http://www.microsof
t.com/downloads/details.aspx?FamilyId=20288DA2-A308-45C6-BD8
0-C68C997529BD
Internet Explorer 6 for Windows Server 2003 for
Itanium-based
systems
(optionally with SP1):
http://www.microsof
t.com/downloads/details.aspx?FamilyId=663F1E83-BDC0-4EC6-A26
3-398E7222C9B5
Internet Explorer 6 for Windows Server 2003 x64 Edition:
http://www.microsof
t.com/downloads/details.aspx?FamilyId=5C2A23AC-3F2E-4BEC-BE1
6-4B45B44C6346
Internet Explorer 6 for Windows XP Professional x64 Edition:
http://www.microsof
t.com/downloads/details.aspx?FamilyId=0CE7F66D-4D83-4090-A03
4-9BBE286D96FA
ORIGINAL ADVISORY:
MS06-042 (KB918899):
http://www.microsoft.com/technet/security/Bullet
in/MS06-042.mspx
============= PCWorks Mailing List =================
Don't see your post? Check our posting guidelines &
make sure you've followed proper posting procedures,
http://pcworkers.com/r
ules.htm
Contact list owner <owner-pcworks imagicomm.com>
Unsubscribing and other changes: http://pcworkers.com
=====================================================
|