ðòïåëôù 


  áòèé÷ 


Apache-Talk @lexa.ru 

Inet-Admins @info.east.ru 

Filmscanners @halftone.co.uk 

Security-alerts @yandex-team.ru 

nginx-ru @sysoev.ru 

  óôáôøé 


  ðåòóïîáìøîïå 


  ðòïçòáííù 



ðéûéôå
ðéóøíá














     áòèé÷ :: Security-alerts
Security-Alerts mailing list archive (security-alerts@yandex-team.ru)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[security-alerts] FW: [SA26419] Microsoft Internet Explorer Multiple Vulnerabilities



>
> TITLE:
> Microsoft Internet Explorer Multiple Vulnerabilities
>
> SECUNIA ADVISORY ID:
> SA26419
>
> VERIFY ADVISORY:
> http://secunia.com/advisories/26419/
>
> CRITICAL:
> Highly critical
>
> IMPACT:
> System access
>
> WHERE:
> From remote
>
> SOFTWARE:
> Microsoft Internet Explorer 5.01
> http://secunia.com/product/9/
> Microsoft Internet Explorer 6.x
> http://secunia.com/product/11/
> Microsoft Internet Explorer 7.x
> http://secunia.com/product/12366/
>
> DESCRIPTION:
> Some vulnerabilities have been reported in Internet Explorer, which
> can be exploited by malicious people to compromise a user's system.
>
> 1) An error when parsing certain CSS strings can be exploited to
> cause a memory corruption when a user e.g. visits a malicious
> website.
>
> Successful exploitation may allow execution of arbitrary code.
>
> 2) The tblinf32.dll or vstlbinf.dll ActiveX control implements
> IObjectsafety incorrectly, which can be exploited to execute
> arbitrary code when a user e.g. visits a malicious website.
>
> 3) An error in the pdwizard.ocx ActiveX control can be exploited to
> cause a memory corruption when a user e.g. visits a malicious
> website.
>
> Successful exploitation may allow execution of arbitrary code.
>
> SOLUTION:
> Apply patches.
>
> Internet Explorer 5.01 SP4 for Windows 2000 SP4:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=FCF94
> 40F-BB36-4ED1-9B6B-74A4F055650B
>
> Internet Explorer 6 SP1 for Windows 2000 SP4:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=8DB75
> 461-4DCA-43DB-AA30-C7E67CE954AD
>
> Internet Explorer 6 for Windows XP SP2:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=5D31D
> 916-867F-4DBF-B8A4-C75EA83F4F51
>
> Internet Explorer 6 for Windows XP Professional x64 Edition
> (optionally with SP2):
> http://www.microsoft.com/downloads/details.aspx?FamilyId=B15B2
> 442-D6DA-41DD-A424-11C9893BE595
>
> Internet Explorer 6 for Windows Server 2003 SP1/SP2:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=F2F9F
> B69-0399-4DF0-9F5B-8F42A130C581
>
> Internet Explorer 6 for Windows Server 2003 x64 Edition (optionally
> with SP2):
> http://www.microsoft.com/downloads/details.aspx?FamilyId=D0BD8
> 86D-2C80-4DD7-82B7-1BD1F8D398CC
>
> Internet Explorer 6 for Windows Server 2003 for Itanium-based Systems
> SP1/SP2:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=BF410
> 33A-D6F0-451E-9B69-4CBE2BB3F804
>
> Internet Explorer 7 for Windows XP SP2:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=7A2B4
> 395-EABA-45EC-8D0C-932EBCC3D344
>
> Internet Explorer 7 for Windows XP Professional x64 Edition
> (optionally with SP2):
> http://www.microsoft.com/downloads/details.aspx?FamilyId=CD7ED
> 4D5-7790-41DB-8B68-CFD59105CA36
>
> Internet Explorer 7 for Windows Server 2003 SP1/SP2:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=4F8DA
> ED8-9925-494D-B2F5-1E29F4040F6A
>
> Internet Explorer 7 for Windows Server 2003 x64 Edition (optionally
> with SP2):
> http://www.microsoft.com/downloads/details.aspx?FamilyId=34669
> CA2-46B0-4FBF-8FBD-AD7A13920103
>
> Internet Explorer 7 for Windows Server 2003 for Itanium-based Systems
> SP1/SP2:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=5BD7B
> CBD-528A-4A16-A39A-A5FF5F69A2E2
>
> Internet Explorer 7 for Windows Vista:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=9AE27
> B2F-ACA4-4758-8CE4-A98F1FF6BA70
>
> Internet Explorer 7 for Windows Vista x64 Edition:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=53497
> E53-D10C-43AF-AD56-9F07739A5284
>
> PROVIDED AND/OR DISCOVERED BY:
> The vendor credits:
> 1) NSFocus Security Team
> 2) Brett Moore, Security-Assessment.com
>
> ORIGINAL ADVISORY:
> MS07-045 (KB937143):
> http://www.microsoft.com/technet/security/Bulletin/MS07-045.mspx
>



 




Copyright © Lexa Software, 1996-2009.