Thread-topic: [SA15368] Microsoft Internet Explorer Multiple Vulnerabilities
>
>
> TITLE:
> Microsoft Internet Explorer Multiple Vulnerabilities
>
> SECUNIA ADVISORY ID:
> SA15368
>
> VERIFY ADVISORY:
> http://secunia.com/advisories/15368/
>
> CRITICAL:
> Highly critical
>
> IMPACT:
> Security Bypass, Exposure of sensitive information, System access
>
> WHERE:
> From remote
>
> SOFTWARE:
> Microsoft Internet Explorer 6.x
> http://secunia.com/product/11/
> Microsoft Internet Explorer 5.5
> http://secunia.com/product/10/
> Microsoft Internet Explorer 5.01
> http://secunia.com/product/9/
>
> DESCRIPTION:
> Five vulnerabilities have been reported in Microsoft Internet
> Explorer, which can be exploited by malicious people to view
> potentially sensitive information, to trick users into downloading
> and executing arbitrary programs, and to compromise a user's system.
>
> 1) A design error in the processing of keyboard shortcuts for certain
> security dialogs can e.g. be exploited to delay the "File Download"
> dialog box and trick users into executing a malicious ".bat" file
> after pressing the "r" key.
>
> 2) A design error in the processing of mouse clicks in new browser
> windows and the predictability of the position of the "File Download"
> dialog box can be exploited to trick the user into clicking on the
> "Run" button of the dialog box. This is exploited by first causing a
> "File Download" dialog box to be displayed underneath a new browser
> window, and then tricking the user into double-clicking within a
> specific area in the new window. This will result in an unintended
> click of the "Run" button in the hidden "File Download" dialog box.
>
> 3) An error exists in Internet Explorer when used with a HTTPS proxy
> server that requires clients to use Basic Authentication. This may
> cause web addresses that are sent from Internet Explorer to be
> disclosed to a third-party even when HTTPS connection is used.
>
> 4) An error exists when certain COM objects that are not intended to
> be used with Internet Explorer are instantiated in Internet Explorer.
> This can be exploited to execute arbitrary code via a malicious
> webpage that instantiates a vulnerable COM object.
>
> This is related to:
> SA16480
>
> 5) An error exists in the initialisation of certain objects when the
> "window()" function is used in conjunction with the "<body onload>"
> event. This can be exploited to execute arbitrary code via a
> malicious webpage.
>
> For more information:
> SA15546
>
> The vulnerabilities #1, #2, and #5 have been confirmed on a fully
> patched system with Internet Explorer 6.0 and Microsoft Windows XP
> SP2. Other versions may also be affected.
>
> SOLUTION:
> Apply patches.
>
> Internet Explorer 5.01 SP 4 on Microsoft Windows 2000 (requires SP
> 4):
> http://www.microsoft.com/downloads/details.aspx?FamilyId=4005B
> 74A-D6E6-4A32-A3B1-276686B4A428
>
> Internet Explorer 6 SP 1 on Microsoft Windows 2000 (requires SP 4) or
> on Microsoft Windows XP (requires SP 1):
> http://www.microsoft.com/downloads/details.aspx?FamilyId=A8443
> CD2-D98D-427B-9F0E-BD7E19FCB994
>
> Internet Explorer 6 for Microsoft Windows XP (requires SP 2):
> http://www.microsoft.com/downloads/details.aspx?FamilyId=E4B5B
> A57-D4F2-4798-9154-2869E371C9D1
>
> Internet Explorer 6 for Microsoft Windows Server 2003 (with or
> without SP 1):
> http://www.microsoft.com/downloads/details.aspx?FamilyId=9D70F
> B20-C7C9-43AF-A864-6DBC9A542CC6
>
> Internet Explorer 6 for Microsoft Windows Server 2003 (Itanium) (with
> or without SP 1):
> http://www.microsoft.com/downloads/details.aspx?FamilyId=1EE79
> 0B9-E596-4344-AEC3-FCB3289D7E9C
>
> Internet Explorer 6 for Microsoft Windows Server 2003 x64 Edition:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=8E9C2
> 3E5-7988-42DA-A8BD-2C1A534BF995
>
> Internet Explorer 6 for Microsoft Windows XP Professional x64
> Edition:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=E1652
> B4A-6339-4B31-8ACF-D2A844C24F70
>
> For Microsoft Windows 98, Microsoft Windows 98 SE, and Microsoft
> Windows Millennium Edition, see the vendors original advisory.
>
> PROVIDED AND/OR DISCOVERED BY:
> 1) Andreas Sandblad, Secunia Research
> 2) Jakob Balle, Secunia Research
> 4) Will Dormann, CERT/CC
>
> ORIGINAL ADVISORY:
> Secunia Research:
> http://secunia.com/secunia_research/2005-7/advisory/
> http://secunia.com/secunia_research/2005-21/advisory/
>
> MS05-054 (KB905915):
> http://www.microsoft.com/technet/security/Bulletin/MS05-054.mspx
>
> ----------------------------------------------------------------------