TITLE:
Internet Explorer Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA23769
VERIFY ADVISORY:
http://secunia.c
om/advisories/23769/
CRITICAL:
Highly critical
IMPACT:
System access
WHERE:
>From remote
SOFTWARE:
Microsoft Internet Explorer 7.x
http://secunia.com/
product/12366/
Microsoft Internet Explorer 5.01
http://secunia.com/prod
uct/9/
Microsoft Internet Explorer 6.x
http://secunia.com/pro
duct/11/
DESCRIPTION:
Multiple vulnerabilities have been reported in Internet
Explorer,
which can be exploited by malicious people to compromise a
user's
system.
1) An error within the instantiation of the chtskdic.dll COM
object
not intended to be instantiated in Internet Explorer can be
exploited
to corrupt memory.
2) An error in the way objects are accessed when not
initiated
or
already deleted can be exploited to corrupt memory via a
specially
crafted web page.
3) An error when calling property methods can be exploited
to
corrupt
memory via a specially crafted web page.
4) Errors within the handling of HTML objects can be
exploited
to
corrupt memory via a specially crafted web page.
5) An error in the media service component (msauth.dll) can
be
exploited to rewrite arbitrary files via a specially crafted
web
page.
Successful exploitation of the vulnerabilities allows
execution
of
arbitrary code.
SOLUTION:
Apply patches.
Internet Explorer 5.01 SP4 on Windows 2000 SP4:
http://www.microsof
t.com/downloads/details.aspx?FamilyId=67AE3381-16B2-4B34-B95
C-69EE7D58B357
Internet Explorer 6 SP1 on Windows 2000 SP4:
http://www.microsof
t.com/downloads/details.aspx?FamilyId=03FC8E0C-DEC5-48D1-9A3
4-3B639F185F7D
Internet Explorer 6 for Windows XP SP2:
http://www.microsof
t.com/downloads/details.aspx?FamilyId=EFC6BE04-0D6B-4639-848
5-DA1525F6BC52
Internet Explorer 6 for Windows XP Professional x64 Edition
(optionally with SP2):
http://www.microsof
t.com/downloads/details.aspx?FamilyId=A077BE20-C379-4386-B47
8-80197A4A4ABC
Internet Explorer 6 for Windows Server 2003 SP1/SP2:
http://www.microsof
t.com/downloads/details.aspx?FamilyId=D249089D-BB8E-4B86-AB8
E-18C52844ACB2
Internet Explorer 6 for Windows Server 2003 for
Itanium-based
systems
SP1/SP2:
http://www.microsof
t.com/downloads/details.aspx?FamilyId=D52C0AFD-CC3A-4A5C-B91
B-E006D497BC26
Internet Explorer 6 for Windows Server 2003 x64 Edition
SP1/SP2:
http://www.microsof
t.com/downloads/details.aspx?FamilyId=94B83BDD-2BD1-43E4-BAB
F-68135D253293
Internet Explorer 7 for Windows XP SP2:
http://www.microsof
t.com/downloads/details.aspx?FamilyId=7A778D93-9D85-4217-8CC
0-5C494D954CA0
Internet Explorer 7 for Windows XP Professional x64 Edition
(optionally with SP2):
http://www.microsof
t.com/downloads/details.aspx?FamilyId=29938ED4-F8BB-4793-897
C-966BA7F4830C
Internet Explorer 7 for Windows Server 2003 SP1/SP2:
http://www.microsof
t.com/downloads/details.aspx?FamilyId=0F173D60-6FD0-4C92-BB2
A-A7A78707E35F
Internet Explorer 7 for Windows Server 2003 for
Itanium-based
systems
SP1/SP2:
http://www.microsof
t.com/downloads/details.aspx?FamilyId=1944BCFA-B0BC-4BD5-908
9-A618EA43EA49
Internet Explorer 7 for Windows Server 2003 x64 Edition
SP1/SP2:
http://www.microsof
t.com/downloads/details.aspx?FamilyId=404A48A2-5765-4AFA-94B
F-E97212AA14EF
Internet Explorer 7 in Windows Vista:
http://www.microsof
t.com/downloads/details.aspx?FamilyId=0C65FAD3-BAAE-46C4-B45
3-84CF28B15F50
Internet Explorer 7 in Windows Vista x64 Edition:
http://www.microsof
t.com/downloads/details.aspx?FamilyId=74AFEA3D-79DF-4B64-BF3
0-B8E5C55CAB2B
ORIGINAL ADVISORY:
MS07-027 (KB931768):
http://www.microsoft.com/technet/security/Bullet
in/MS07-027.mspx
============= PCWorks Mailing List =================
Don't see your post? Check our posting guidelines &
make sure you've followed proper posting procedures,
http://pcworkers.com/r
ules.htm
Contact list owner <owner-pcworks imagicomm.com>
Unsubscribing and other changes: http://pcworkers.com
=====================================================
|
