PCWorks: Internet Explorer Multiple Vulnerabilities

Thread: PCWorks: Internet Explorer Multiple Vulnerabilities

Search this list only Search all lists
PCWorks: Internet Explorer Multiple Vulnerabilities
United States	2007-06-13 10:24:43
TITLE: Internet Explorer Multiple Vulnerabilities SECUNIA ADVISORY ID: SA25627 VERIFY ADVISORY: http://secunia.c om/advisories/25627/ CRITICAL: Highly critical IMPACT: Cross Site Scripting, Spoofing, System access WHERE: >From remote SOFTWARE: Microsoft Internet Explorer 5.01 http://secunia.com/prod uct/9/ Microsoft Internet Explorer 6.x http://secunia.com/pro duct/11/ Microsoft Internet Explorer 7.x http://secunia.com/ product/12366/ DESCRIPTION: Multiple vulnerabilities have been reported in Internet Explorer, which can be exploited by malicious people to conduct phishing attacks or compromise a user's system. 1) An error within the instantiation of Urlmon.dll COM objects not intended to be instantiated in Internet Explorer can be exploited to corrupt memory. 2) An error in the handling of CSS (Cascading Style Sheet) tags can be exploited to corrupt memory via a specially crafted web page. 3) A race condition when attempting to install multiple language packs can be exploited to corrupt memory via a specially crafted web page. 4) An error in the handling of uninitialised objects can be exploited to corrupt memory via a specially crafted web page. 5) An error within the Navigation cancel page can be exploited to e.g. spoof the contents of an arbitrary site. This may be related to: SA24535 6) An error within a component of Microsoft Speech API 4 can be exploited to execute arbitrary code via a specially crafted web page. SOLUTION: Apply patches. Internet Explorer 5.01 SP4 on Windows 2000 SP4: http://www.microsof t.com/downloads/details.aspx?FamilyId=3B49F1ED-ABE3-4DBD-A91 D-973415658F6B Internet Explorer 6 SP1 on Windows 2000 SP4: http://www.microsof t.com/downloads/details.aspx?FamilyId=5C958650-28D2-4DD0-96A 8-DBFE79CE3F68 Internet Explorer 6 for Windows XP SP2: http://www.microsof t.com/downloads/details.aspx?FamilyId=60FB294E-A8E1-405E-A28 9-2D2723EDF7EE Internet Explorer 6 for Windows XP Professional x64 Edition (optionally SP2): http://www.microsof t.com/downloads/details.aspx?FamilyId=086D6D6E-4703-4C6C-A7A F-B6DAFEEEDE5D Internet Explorer 6 for Windows Server 2003 SP1/SP2: http://www.microsof t.com/downloads/details.aspx?FamilyId=7ED19127-5C2D-48E4-A8D 1-090DC69FD68B Internet Explorer 6 for Windows Server 2003 x64 Edition (optionally with SP2): http://www.microsof t.com/downloads/details.aspx?FamilyId=1449EB5D-6E4C-4332-8CB 6-AB9EE59C9A95 Internet Explorer 6 for Windows Server 2003 for Itanium-based systems SP1/SP2: http://www.microsof t.com/downloads/details.aspx?FamilyId=B628A3CC-A70C-478A-A10 C-EEE254EE34AB Internet Explorer 7 for Windows XP SP2: http://www.microsof t.com/downloads/details.aspx?FamilyId=C2191703-8CBD-4959-9F8 4-E13F21173926 Internet Explorer 7 for Windows XP Professional x64 Edition (optionally with SP2): http://www.microsof t.com/downloads/details.aspx?FamilyId=69C526B8-8B07-42BC-9BE D-E18DEAE21C8E Internet Explorer 7 for Windows Server 2003 SP1/SP2: http://www.microsof t.com/downloads/details.aspx?FamilyId=A074D9C0-1FED-4753-845 E-073CFCE99F45 Internet Explorer 7 for Windows Server 2003 x64 Edition (optionally with SP2): http://www.microsof t.com/downloads/details.aspx?FamilyId=744ACB43-64DA-48CC-AE6 9-9386B597EABC Internet Explorer 7 for Windows Server 2003 for Itanium-based systems SP1/SP2: http://www.microsof t.com/downloads/details.aspx?FamilyId=069C1560-B5E5-4DFE-A18 D-E0507D406028 Internet Explorer 7 for Windows Vista: http://www.microsof t.com/downloads/details.aspx?FamilyId=77287386-48EB-4AA9-953 7-626A3093AAF7 Internet Explorer 7 for Windows Vista x64 Edition: http://www.microsof t.com/downloads/details.aspx?FamilyId=77287386-48EB-4AA9-953 7-626A3093AAF7 ORIGINAL ADVISORY: MS07-033 (KB933566): http://www.microsoft.com/technet/security/Bullet in/MS07-033.mspx OTHER REFERENCES: SA24535: http://secunia.c om/advisories/24535/ ============= PCWorks Mailing List ================= Don't see your post? Check our posting guidelines & make sure you've followed proper posting procedures, http://pcworkers.com/r ules.htm Contact list owner <owner-pcworksimagicomm.com> Unsubscribing and other changes: http://pcworkers.com =====================================================

[1]

about | contact Other archives ( Real Estate discussion Medical topics )