Security-Alerts mailing list archive (security-alerts@yandex-team.ru)
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[security-alerts] FW: [SA28903] Microsoft Internet Explorer Multiple Vulnerabilities
>
> TITLE:
> Microsoft Internet Explorer Multiple Vulnerabilities
>
> SECUNIA ADVISORY ID:
> SA28903
>
> VERIFY ADVISORY:
> http://secunia.com/advisories/28903/
>
> CRITICAL:
> Highly critical
>
> IMPACT:
> System access
>
> WHERE:
> From remote
>
> SOFTWARE:
> Microsoft Internet Explorer 5.01
> http://secunia.com/product/9/
> Microsoft Internet Explorer 6.x
> http://secunia.com/product/11/
> Microsoft Internet Explorer 7.x
> http://secunia.com/product/12366/
>
> DESCRIPTION:
> Some vulnerabilities have been reported in Internet Explorer, which
> can be exploited by malicious people to compromise a user's system.
>
> 1) An error in the way HTML with certain layout combinations is
> interpreted can be exploited to corrupt memory via a specially
> crafted web page.
>
> 2) An error in the way a certain property method is handled can be
> exploited via a specially crafted web page.
>
> 3) An error in the argument validation when processing images can be
> exploited to corrupt memory via a specially crafted web page.
>
> Successful exploitation of the vulnerabilities may allow execution of
> arbitrary code.
>
> SOLUTION:
> Apply patches.
>
> Windows 2000 SP4 and Internet Explorer 5.01 SP4:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=1032A
> 039-468B-4C5F-8C1C-5E54C2832E41
>
> Windows 2000 SP4 and Internet Explorer 6 SP1:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=87E66
> DCE-5060-4814-8754-829B4E190359
>
> Windows XP SP2 and Internet Explorer 6:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=BB2AA
> 3CB-021F-4890-AB20-2A51F8E17554
>
> Windows XP Professional x64 Edition (optionally with SP2) and
> Internet Explorer 6:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=8989F
> 576-8B30-4866-90EC-929D24F3B409
>
> Windows Server 2003 SP1/SP2 and Internet Explorer 6:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=429B7
> ED1-FE78-459A-B834-D0F3C69CB703
>
> Windows Server 2003 x64 Edition (optionally with SP2) and Internet
> Explorer 6:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=E989E
> 23C-38BB-4FE7-A830-D7BDF7659392
>
> Windows Server 2003 with SP1/SP2 for Itanium-based systems and
> Internet Explorer 6:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=5A097
> F7A-B696-48D0-B13F-337C5FD14E24
>
> Windows XP SP2 and Internet Explorer 7:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=D4AA2
> 93A-6332-4C6C-B128-876F516BD030
>
> Windows XP Professional x64 Edition (optionally with SP2) and
> Internet Explorer 7:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=B72AF
> 1B6-6E23-4005-AEF6-82195B380153
>
> Windows Server 2003 SP1/SP2 and Internet Explorer 7:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=B2AA6
> 562-881E-4FD6-BE1B-53426A0FF4A9
>
> Windows Server 2003 x64 Edition (optionally with SP2) and Internet
> Explorer 7:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=4BB99
> AFC-BE14-4F2E-9570-B7FE09E39131
>
> Windows Server 2003 with SP1/SP2 for Itanium-based systems and
> Internet Explorer 7:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=6FA80
> E2C-5E91-4B33-ACD9-33F156660AE7
>
> Windows Vista and Internet Explorer 7:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=0DE25
> B98-F443-4874-A06F-4DAAE14C16B0
>
> Windows Vista x64 Edition and Internet Explorer 7:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=C08EB
> BE7-639B-4EA2-8304-FAB531930ABF
>
> PROVIDED AND/OR DISCOVERED BY:
> 1) The vendor credits Shane Macaulay and Riley Hassell, Security
> Objectives.
> 2) The vendor credits an anonymous person via ZDI.
> 3) The vendor credits Venustech of ADLABS.
>
> ORIGINAL ADVISORY:
> MS08-010 (KB944533):
> http://www.microsoft.com/technet/security/Bulletin/MS08-010.mspx
>
|