Security Internet Explorer Multiple Vulnerabilities

PHP Web Host - Quality Web Hosting For All PHP Applications

• Home • Downloads • Your Account • Forums •

Site Navigation

Home:

Donate o Meter

Help Keep Our Servers Online AND Our Services Free!

Donations

Please Link To Me!

Quality Web Hosting For All PHP Applications

Quality PHP Web Host!

Great Reviews!

Need help setting up your website, installing Apache, PHP, MySQL, or RavenNuke(tm)?

Need help customizing or designing scripts?

Please contact us via the Contact Us option for further details and pricing.

Link to Me

There are more Link To Me icons here.

Site Info v2.2.2 ©

Internet Explorer Multiple Vulnerabilities

SECUNIA ADVISORY ID: SA25627

VERIFY ADVISORY: http://secunia.com/advisories/25627/

CRITICAL: Highly critical

IMPACT: Cross Site Scripting, Spoofing, System access

WHERE: >From remote

SOFTWARE:
Microsoft Internet Explorer 5.01 - http://secunia.com/product/9/
Microsoft Internet Explorer 6.x - http://secunia.com/product/11/
Microsoft Internet Explorer 7.x - http://secunia.com/product/12366/

DESCRIPTION: Multiple vulnerabilities have been reported in Internet Explorer, which can be exploited by malicious people to conduct phishing attacks or compromise a user's system.

1) An error within the instantiation of Urlmon.dll COM objects not intended to be instantiated in Internet Explorer can be exploited to corrupt memory.

2) An error in the handling of CSS (Cascading Style Sheet) tags can be exploited to corrupt memory via a specially crafted web page.

3) A race condition when attempting to install multiple language packs can be exploited to corrupt memory via a specially crafted web page.

4) An error in the handling of uninitialised objects can be exploited to corrupt memory via a specially crafted web page.

5) An error within the Navigation cancel page can be exploited to e.g. spoof the contents of an arbitrary site.

This may be related to: SA24535

6) An error within a component of Microsoft Speech API 4 can be exploited to execute arbitrary code via a specially crafted web page.

SOLUTION: Apply patches.

Internet Explorer 5.01 SP4 on Windows 2000 SP4:
http://www.microsoft.com/downloads/details.aspx?FamilyId=3B49F1ED-ABE3-4DBD-A91D-973415658F6B

Internet Explorer 6 SP1 on Windows 2000 SP4:
http://www.microsoft.com/downloads/details.aspx?FamilyId=5C958650-28D2-4DD0-96A8-DBFE79CE3F68

Internet Explorer 6 for Windows XP SP2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=60FB294E-A8E1-405E-A289-2D2723EDF7EE

Internet Explorer 6 for Windows XP Professional x64 Edition (optionally SP2):
http://www.microsoft.com/downloads/details.aspx?FamilyId=086D6D6E-4703-4C6C-A7AF-B6DAFEEEDE5D

Internet Explorer 6 for Windows Server 2003 SP1/SP2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=7ED19127-5C2D-48E4-A8D1-090DC69FD68B

Internet Explorer 6 for Windows Server 2003 x64 Edition (optionally with SP2):
http://www.microsoft.com/downloads/details.aspx?FamilyId=1449EB5D-6E4C-4332-8CB6-AB9EE59C9A95

Internet Explorer 6 for Windows Server 2003 for Itanium-based systems SP1/SP2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=B628A3CC-A70C-478A-A10C-EEE254EE34AB

Internet Explorer 7 for Windows XP SP2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=C2191703-8CBD-4959-9F84-E13F21173926

Internet Explorer 7 for Windows XP Professional x64 Edition (optionally with SP2):
http://www.microsoft.com/downloads/details.aspx?FamilyId=69C526B8-8B07-42BC-9BED-E18DEAE21C8E

Internet Explorer 7 for Windows Server 2003 SP1/SP2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=A074D9C0-1FED-4753-845E-073CFCE99F45

Internet Explorer 7 for Windows Server 2003 x64 Edition (optionally with SP2):
http://www.microsoft.com/downloads/details.aspx?FamilyId=744ACB43-64DA-48CC-AE69-9386B597EABC

Internet Explorer 7 for Windows Server 2003 for Itanium-based systems SP1/SP2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=069C1560-B5E5-4DFE-A18D-E0507D406028

Internet Explorer 7 for Windows Vista:
http://www.microsoft.com/downloads/details.aspx?FamilyId=77287386-48EB-4AA9-9537-626A3093AAF7

Internet Explorer 7 for Windows Vista x64 Edition:
http://www.microsoft.com/downloads/details.aspx?FamilyId=77287386-48EB-4AA9-9537-626A3093AAF7

PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) An anonymous researcher, reported via iDefense Labs.
3) An anonymous researcher, reported via ZDI.
4) Sam Thomas, reported via ZDI.
6) Independently discovered by:
* Will Dormann, CERT/CC
* cocoruder, Fortinet Security Research

ORIGINAL ADVISORY: MS07-033 (KB933566): http://www.microsoft.com/technet/security/Bulletin/MS07-033.mspx

OTHER REFERENCES: SA24535: http://secunia.com/advisories/24535/

Posted on Tuesday, June 12, 2007 @ 16:57:31 EDT by Raven

Related Links

· More about Security
· News by Raven

Most read story about Security:
PHP-Nuke *eid* SQL Injection Vulnerability

Article Rating

Average Score: 0
Votes: 0

Options

Printer Friendly Page

Send to a Friend

All logos and trademarks in this site are property of their respective owner.
The comments are property of their posters, all the rest © 2002-2011 by Raven

You can syndicate our news using the file

Website engines core code is © copyright by PHP-Nuke but has been heavily patched and modified by myself and others.
PHP-Nuke is a free software released under the GNU/GPL.

:: fisubice phpbb2 style by Daz :: PHP-Nuke theme by www.nukemods.com :::: fisubice Theme Modified by the RavenNuke™ Team ::
::