Thread: PCWorks: Microsoft Internet Explorer Multiple Vulnerabilities

user name
2006-06-15 05:41:31
TITLE:
Microsoft Internet Explorer Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA20595

VERIFY ADVISORY:
http://secunia.com/advisories/20595/

CRITICAL:
Highly critical

IMPACT:
Spoofing, System access

WHERE:
From remote

SOFTWARE:
Microsoft Internet Explorer 6.x
http://secunia.com/product/11/
Microsoft Internet Explorer 5.01
http://secunia.com/product/9/

DESCRIPTION:
Some vulnerabilities have been reported in Internet Explorer, which
can be exploited by malicious people to conduct phishing attacks and
compromise a user's system.

1) A memory corruption error within the decoding of specially crafted
UTF-8 encoded HTML can be exploited to execute arbitrary code when a
user e.g. visits a malicious web site.

2) A memory corruption error within the
DXImageTransform.Microsoft.Light ActiveX control's parameter
validation can be exploited to execute arbitrary code when a user
e.g. visits a malicious web site.

3) An error within the way certain COM objects, which are not meant
to be instantiated in Internet Explorer, are instantiated can be
exploited to execute arbitrary code when e.g. a malicious web site is
visited.

4) An error allows spoofing of the information in the address bar and
other parts of the trust UI, which can be exploited to conduct
phishing attacks.

5) A memory corruption error in the way multipart HTML (.mht) is
saved can be exploited to execute arbitrary code if a user is tricked
into saving a specially crafted web page as multipart HTML.

SOLUTION:
Apply patches.

Internet Explorer 5.01 SP4 on Windows 2000 SP4:
http://www.microsoft.com/downloads/details.aspx?FamilyId=91A997DE-BAE4-4AC7-912D-79EF8ABAEF4F

Internet Explorer 6 SP1 on Windows 2000 SP4 or Windows XP SP1:
http://www.microsoft.com/downloads/details.aspx?FamilyId=0EB17A41-FB43-413B-A5CC-41E1F3DEDE4F

Internet Explorer 6 for Windows XP SP2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=85CABE87-C4A0-4F80-BD1C-210E23FD8D81

Internet Explorer 6 for Windows Server 2003 and Windows Server 2003
SP1:
http://www.microsoft.com/downloads/details.aspx?FamilyId=CCE7C875-C9A4-4C3D-A37B-946EE5E781E7

Internet Explorer 6 for Windows Server 2003 for Itanium-based systems
(with or without SP1):
http://www.microsoft.com/downloads/details.aspx?FamilyId=C8E4CFB6-1350-4AAE-B681-EE2ECAB41118

Internet Explorer 6 for Windows Server 2003 x64 Edition:
http://www.microsoft.com/downloads/details.aspx?FamilyId=1C7D5C6D-DDCF-485D-A1E3-60E55334FD74

Internet Explorer 6 for Windows XP Professional x64 Edition:
http://www.microsoft.com/downloads/details.aspx?FamilyId=F91791AC-8185-4346-AA66-89F74D4B5EA7

Internet Explorer 6 SP1 on Windows 98, Windows 98 SE, or Windows Me:
Patches are available from the Windows Update web site.

ORIGINAL ADVISORY:
MS06-021 (KB916281):
http://www.microsoft.com/technet/security/Bulletin/MS06-021.mspx

OTHER REFERENCES:
KB article discussing known issues when installing the update:
http://support.microsoft.com/kb/916281