TITLE:
Internet Explorer Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA18957
VERIFY ADVISORY:
http://secunia.c
om/advisories/18957/
CRITICAL:
Highly critical
IMPACT:
Spoofing, System access, Cross Site Scripting
WHERE:
From remote
SOFTWARE:
Microsoft Internet Explorer 5.5
http://secunia.com/pro
duct/10/
Microsoft Internet Explorer 5.01
http://secunia.com/prod
uct/9/
Microsoft Internet Explorer 6.x
http://secunia.com/pro
duct/11/
DESCRIPTION:
Multiple vulnerabilities have been reported in Internet
Explorer,
which can be exploited by malicious people to conduct
cross-site
scripting attacks, conduct phishing attacks, or compromise a
user's
system.
1) An error in the cross-domain restriction when accessing
properties
of certain dynamically created objects can be exploited to
execute
arbitrary HTML and script code in a user's browser session
in
context
of an arbitrary site via a JavaScript URI handler applied on
a
dynamically created "object" tag.
2) An error within the handling of multiple event handlers
(e.g.
onLoad) in an HTML element can be exploited to corrupt
memory
in a
way that may allow execution of arbitrary code.
3) An error within the parsing of specially crafted,
non-valid
HTML
can be exploited to corrupt memory in a way that allows
execution of
arbitrary code when a malicious HTML document is viewed.
4) An error within the instantiation of COM objects that are
not
intended to be instantiated in Internet Explorer can be
exploited to
corrupt memory in a way that allows execution of arbitrary
code.
5) An error within the handling of HTML elements containing
a
specially crafted tag can be exploited to corrupt memory in
a
way
that allows execution of arbitrary code.
6) An error within the handling of double-byte characters in
specially crafted URLs can be exploited to corrupt memory in
a
way
that allows execution of arbitrary code.
Successful exploitation requires that the system uses
double-byte
character sets.
7) An error in the way IOleClientSite information is
returned
when an
embedded object is dynamically created can be exploited to
execute
arbitrary code in context of another site or security zone.
8) An unspecified error can be exploited to spoof
information
displayed in the address bar and other parts of the trust
UI.
9) Some unspecified vulnerabilities exist in the two ActiveX
controls
included with Danim.dll and Dxtmsft.dll.
SOLUTION:
Apply patches.
Internet Explorer 5.01 SP4 on Windows 2000 SP4:
http://www.microsoft.com/downloa...7B87-AF8F-
4346-9164-596E3E5C22B1
Internet Explorer 6 SP1 on Windows 2000 SP4 or Windows XP
SP1:
http://www.microsoft.com/downloa...41E1-2B36-
4696-987A-099FC57E0129
Internet Explorer 6 for Windows XP SP2:
http://www.microsoft.com/downloa...FB31-E6B4-
4771-81F1-4ACCEBF72133
Internet Explorer 6 for Windows Server 2003 and Windows
Server
2003
SP1:
http://www.microsoft.com/downloa...6871-D217-
41D3-BECC-B27FAFA00054
Internet Explorer 6 for Windows Server 2003 for
Itanium-based
systems
and Windows Server 2003 with SP1 for Itanium-based systems:
http://www.microsoft.com/downloa...957C-0ABE-
4129-ABAF-AA2852AD62A3
Internet Explorer 6 for Windows Server 2003 x64 Edition:
http://www.microsoft.com/downloa...8BE3-39EE-
4937-9BD1-280FC35125C6
Internet Explorer 6 for Windows XP Professional x64 Edition:
http://www.microsoft.com/downloa...FE3E-620A-
4BBC-868B-CA2D9EFF7AC3
Internet Explorer 6 SP1 on Windows 98, Windows 98 SE, or
Windows ME:
Patches are available via the Microsoft Update Web site or
the
Windows Update Web site.
ORIGINAL ADVISORY:
MS06-013 (KB912812):
http://www.microsoft.com/technet/security/Bullet
in/MS06-013.mspx
============= PCWorks Mailing List =================
Don't see your post? Check our posting guidelines &
make sure you've followed proper posting procedures,
http://pcworkers.com/r
ules.htm
Contact list owner <owner-pcworks imagicomm.com>
Unsubscribing and other changes: http://pcworkers.com
=====================================================
|