TITLE:
Internet Explorer Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA24156
VERIFY ADVISORY:
http://secunia.c
om/advisories/24156/
CRITICAL:
Highly critical
IMPACT:
System access
WHERE:
>From remote
SOFTWARE:
Microsoft Internet Explorer 5.01
http://secunia.com/prod
uct/9/
Microsoft Internet Explorer 6.x
http://secunia.com/pro
duct/11/
Microsoft Internet Explorer 7.x
http://secunia.com/
product/12366/
DESCRIPTION:
Some vulnerabilities have been reported in Internet
Explorer,
which
can be exploited by malicious people to compromise a user's
system.
1) An error within the instantiation of COM objects
(Imjpcksid.dll
and Imjpskdic.dll) not intended to be instantiated in
Internet
Explorer can be exploited to cause a memory corruption.
2) Another error within the instantiation of COM objects
(Msb1fren.dll, Htmlmm.ocx, and Blnmgrps.dll) not intended to
be
instantiated in Internet Explorer can be exploited to cause
a
memory
corruption.
3) An error within the parsing of FTP server responses can
be
exploited to cause a memory corruption via a specially
crafted
response sent to the FTP client in Internet Explorer.
Successful exploitation of the vulnerabilities allows
execution
of
arbitrary code.
SOLUTION:
Apply patches.
Internet Explorer 5.01 SP4 on Windows 2000 SP4:
http://www.microsof
t.com/downloads/details.aspx?FamilyId=2D83EFCE-E507-4AFF-AB9
B-EAF1D0D6320D
Internet Explorer 6 SP1 installed on Windows 2000 SP4:
http://www.microsof
t.com/downloads/details.aspx?FamilyId=D9E4181A-05F9-4186-BDC
A-C95351983844
Internet Explorer 6 for Windows XP SP2:
http://www.microsof
t.com/downloads/details.aspx?FamilyId=D4038DC1-8AF6-4BEA-82B
8-EACCFF4CDB28
Internet Explorer 6 for Windows XP Professional x64
Edition:
http://www.microsof
t.com/downloads/details.aspx?FamilyId=D6EEEA2C-785E-4DEF-913
E-7F121556554F
Internet Explorer 6 for Windows Server 2003 (optionally with
SP1):
http://www.microsof
t.com/downloads/details.aspx?FamilyId=C6BCBE07-39C1-4705-A10
D-019DA3F997E5
Internet Explorer 6 for Windows Server 2003 for
Itanium-based
systems
(optionally with SP1):
http://www.microsof
t.com/downloads/details.aspx?FamilyId=6476A14B-0D00-4F55-A43
8-E140E9D26849
Internet Explorer 6 for Windows Server 2003 x64 Edition:
http://www.microsof
t.com/downloads/details.aspx?FamilyId=C18DB204-0F2C-4DD4-B29
C-0938FF1BFD7B
Internet Explorer 7 for Windows XP SP2:
http://www.microsof
t.com/downloads/details.aspx?FamilyId=EE851EFD-2CAF-41CE-A42
3-E1827DE318DF
Internet Explorer 7 for Windows XP Professional x64
Edition:
http://www.microsof
t.com/downloads/details.aspx?FamilyId=AC084BBB-084D-47AC-BFD
A-156E34A63817
Internet Explorer 7 for Windows Server 2003 SP1:
http://www.microsof
t.com/downloads/details.aspx?FamilyId=36DAE010-AD1F-4E77-A35
3-9AFA41F065EA
Internet Explorer 7 for Windows Server 2003 with SP1 for
Itanium-based systems:
http://www.microsof
t.com/downloads/details.aspx?FamilyId=631B590D-98CE-440D-B58
8-88CC31BB9370
Internet Explorer 7 for Windows Server 2003 x64 Edition:
http://www.microsof
t.com/downloads/details.aspx?FamilyId=A05D1E57-6678-4C25-B5E
2-98F18BAA454B
ORIGINAL ADVISORY:
MS07-016 (KB928090):
http://www.microsoft.com/technet/security/Bullet
in/MS07-016.mspx
============= PCWorks Mailing List =================
Don't see your post? Check our posting guidelines &
make sure you've followed proper posting procedures,
http://pcworkers.com/r
ules.htm
Contact list owner <owner-pcworks imagicomm.com>
Unsubscribing and other changes: http://pcworkers.com
=====================================================
|
