Security Microsoft Internet Explorer Multiple Vulnerabilities

PHP Web Host - Quality Web Hosting For All PHP Applications

• Home • Downloads • Your Account • Forums •

Site Navigation

Home:

Donate o Meter

Help Keep Our Servers Online AND Our Services Free!

Donations

Please Link To Me!

Quality Web Hosting For All PHP Applications

Quality PHP Web Host!

Great Reviews!

Need help setting up your website, installing Apache, PHP, MySQL, or RavenNuke(tm)?

Need help customizing or designing scripts?

Please contact us via the Contact Us option for further details and pricing.

Link to Me

There are more Link To Me icons here.

Site Info v2.2.2 ©

Microsoft Internet Explorer Multiple Vulnerabilities

SECUNIA ADVISORY ID: SA33035
VERIFY ADVISORY: http://secunia.com/advisories/33035/
CRITICAL: Highly critical
IMPACT: System access
SOFTWARE:
Microsoft Internet Explorer 5.01 - http://secunia.com/advisories/product/9/
Microsoft Internet Explorer 6.x - http://secunia.com/advisories/product/11/
Microsoft Internet Explorer 7.x - http://secunia.com/advisories/product/12366/

DESCRIPTION: Some vulnerabilities have been reported in Microsoft Internet Explorer, which can be exploited by malicious people to compromise a user's system. Successful exploitation of the vulnerabilities may allow execution of arbitrary code.

1) An error when handling parameters passed to unspecified navigation methods can be exploited to corrupt memory via a specially crafted web page.
2) An unspecified error when handling HTML objects can be exploited to dereference uninitialized memory and corrupt memory via a specially crafted web page.
3) An unspecified use-after-free error can be exploited to corrupt memory via a specially crafted web page.
4) An error when unexpected data is encountered while embedding an object into a page can be exploited to corrupt memory.

SOLUTION: Apply patches.
Windows 2000 SP4 with Internet Explorer 5.01 SP4: http://www.microsoft.com/downloads/details.aspx?familyid=c242ba42-556b-4c87-bf33-9d99166ff096
Windows 2000 SP4 with Internet Explorer 6 Service Pack 1: http://www.microsoft.com/downloads/details.aspx?familyid=c0583745-7e57-4265-9429-c3415cb8465f
Windows XP SP2/SP3 with Internet Explorer 6: http://www.microsoft.com/downloads/details.aspx?familyid=af9a6cb0-725d-490c-9858-16ec40e98560
Windows XP Professional x64 Edition (optionally with SP2) and Internet Explorer 6: http://www.microsoft.com/downloads/details.aspx?familyid=60bf9851-24fe-4658-8333-d353e82063c7
Windows Server 2003 SP1/SP2 and Internet Explorer 6: http://www.microsoft.com/downloads/details.aspx?familyid=d53adf6f-9501-4862-a1ca-57eb4d40cd75
Windows Server 2003 x64 Edition (optionally with SP2) and Internet Explorer 6: http://www.microsoft.com/downloads/details.aspx?familyid=5e37cb34-32be-4bbe-87f3-c4e1974e4d00
Windows Server 2003 with SP1/SP2 for Itanium-based Systems and Internet Explorer 6: http://www.microsoft.com/downloads/details.aspx?familyid=0da4e424-4682-4401-a226-7d8f1be19d44
Windows XP SP2/SP3 and Internet Explorer 7: http://www.microsoft.com/downloads/details.aspx?familyid=1b582695-b3cc-4c65-bc4b-d673c9a6d82a
Windows XP Professional x64 Edition (optionally with SP2) and Internet Explorer 7: http://www.microsoft.com/downloads/details.aspx?familyid=107cf54b-29d4-4c54-b091-2b5b3ffbf49d
Windows Server 2003 SP1/SP2 and Internet Explorer 7: http://www.microsoft.com/downloads/details.aspx?familyid=9cdd4f9e-c578-405c-af9e-628f2d77fdf4
Windows Server 2003 x64 Edition (optionally with SP2) and Internet Explorer 7:http://www.microsoft.com/downloads/details.aspx?familyid=7c36f92c-d8a0-4b70-b85f-83588a0299a0
Windows Server 2003 with SP1/SP2 for Itanium-based Systems and Internet Explorer 7: http://www.microsoft.com/downloads/details.aspx?familyid=3811030d-5958-4b91-b5b8-20587dc7c4d6
Windows Vista (optionally with SP1) and Internet Explorer 7: http://www.microsoft.com/downloads/details.aspx?familyid=3f62030a-9ce2-4c92-b948-143a6881921e
Windows Vista x64 Edition (optionally with SP1) and Internet Explorer 7: http://www.microsoft.com/downloads/details.aspx?familyid=d8800493-fba4-41f8-bde5-a53eeaf89d54
Windows Server 2008 for 32-bit Systems and Internet Explorer 7: http://www.microsoft.com/downloads/details.aspx?familyid=45a0de3c-c7d1-4314-a456-1f7428b7c90a
Windows Server 2008 for x64-based Systems and Internet Explorer 7: http://www.microsoft.com/downloads/details.aspx?familyid=405b28db-47d7-4d6b-90e6-834c0a409323
Windows Server 2008 for Itanium-based Systems and Internet Explorer 7: http://www.microsoft.com/downloads/details.aspx?familyid=f0d4f321-941e-4da7-958f-582c75542ee8

PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) Carlo Di Dato (aka shinnai)
2) Brett Moore via ZDI
3) Chris Weber, Casaba Security.
4) Jun Mao, Verisign iDefense Labs.

ORIGINAL ADVISORY: MS08-073 (KB958215):http://www.microsoft.com/technet/security/Bulletin/MS08-073.mspx

Posted on Wednesday, December 10, 2008 @ 23:17:10 EST by Raven

Related Links

· More about Security
· News by Raven

Most read story about Security:
PHP-Nuke *eid* SQL Injection Vulnerability

Article Rating

Average Score: 0
Votes: 0

Options

Printer Friendly Page

Send to a Friend

Associated Topics

All logos and trademarks in this site are property of their respective owner.
The comments are property of their posters, all the rest © 2002-2011 by Raven

You can syndicate our news using the file

Website engines core code is © copyright by PHP-Nuke but has been heavily patched and modified by myself and others.
PHP-Nuke is a free software released under the GNU/GPL.

:: fisubice phpbb2 style by Daz :: PHP-Nuke theme by www.nukemods.com :::: fisubice Theme Modified by the RavenNuke™ Team ::
::