SECUNIA ADVISORY ID: SA23288

VERIFY ADVISORY: http://secunia.com/advisories/23288/

CRITICAL: Highly critical

IMPACT: Exposure of system information, Exposure of sensitive information, System access

SOFTWARE:
Microsoft Internet Explorer 5.01 - http://secunia.com/product/9/
Microsoft Internet Explorer 6.x - http://secunia.com/product/11/

DESCRIPTION: Some vulnerabilities have been reported in Internet Explorer, which can be exploited by malicious people to gain knowledge of certain information or potentially compromise a user's system.

1) A memory corruption error within the interpretation of certain DHTML script function calls to incorrectly created elements can potentially be exploited to execute arbitrary code on a user's system.

2) An unspecified error within the handling of drag and drop operations can be exploited to retrieve content of the TIF folder (Temporary Internet Files) via a specially crafted web page.

3) An unspecified error within the handling of OBJECT tags can be exploited to disclose the path to the TIF folder (Temporary Internet Files) and retrieve its contents via a specially crafted web page.

SOLUTION: Apply patches.
Internet Explorer 5.01 SP4 on Windows 2000 SP4: http://www.microsoft.com/downloads/details.aspx?FamilyId=1D28E62C-09D3-4F38-BEA3-3FC501449D29
Internet Explorer 6 SP1 installed on Windows 2000 SP4: http://www.microsoft.com/downloads/details.aspx?FamilyId=3CFC32FC-85CA-4EDA-890D-5E359F5F0019
Internet Explorer 6 for Windows XP SP2: http://www.microsoft.com/downloads/details.aspx?FamilyId=8B321744-B55E-4696-8B2C-B1D31672DA06
Internet Explorer 6 for Windows XP Professional x64 Edition: http://www.microsoft.com/downloads/details.aspx?FamilyId=8D841D1B-D0B1-46AF-87BD-7DAA8C31AF39
Internet Explorer 6 for Windows Server 2003 (optionally with SP1): http://www.microsoft.com/downloads/details.aspx?FamilyId=3E3A9693-D21B-4214-A16C-3FC22340E600
Internet Explorer 6 for Windows Server 2003 for Itanium-based systems (optionally with SP1): http://www.microsoft.com/downloads/details.aspx?FamilyId=9E3F7A2C-BFE1-48C5-8A8A-64A06BCDF219
Internet Explorer 6 for Windows Server 2003 x64 Edition: http://www.microsoft.com/downloads/details.aspx?FamilyId=F56065CE-6D28-479B-80A7-E04022454DE9

PROVIDED AND/OR DISCOVERED BY:
1) The vendor credits Sam Thomas.
2) The vendor credits Yorick Koster.
3) Reported by the vendor.

ORIGINAL ADVISORY: MS06-072 (KB925454): http://www.microsoft.com/technet/security/Bulletin/MS06-072.mspx