Ravens PHP Scripts

Microsoft Internet Explorer Multiple Vulnerabilities
Date: Wednesday, December 10, 2008 @ 23:17:10 UTC
Topic: Security


SECUNIA ADVISORY ID: SA33035
VERIFY ADVISORY: http://secunia.com/advisories/33035/
CRITICAL: Highly critical
IMPACT: System access
SOFTWARE:
Microsoft Internet Explorer 5.01 - http://secunia.com/advisories/product/9/
Microsoft Internet Explorer 6.x - http://secunia.com/advisories/product/11/
Microsoft Internet Explorer 7.x - http://secunia.com/advisories/product/12366/

DESCRIPTION: Some vulnerabilities have been reported in Microsoft Internet Explorer, which can be exploited by malicious people to compromise a user's system. Successful exploitation of the vulnerabilities may allow execution of arbitrary code.



1) An error when handling parameters passed to unspecified navigation methods can be exploited to corrupt memory via a specially crafted web page.
2) An unspecified error when handling HTML objects can be exploited to dereference uninitialized memory and corrupt memory via a specially crafted web page.
3) An unspecified use-after-free error can be exploited to corrupt memory via a specially crafted web page.
4) An error when unexpected data is encountered while embedding an object into a page can be exploited to corrupt memory.

SOLUTION: Apply patches.
Windows 2000 SP4 with Internet Explorer 5.01 SP4: http://www.microsoft.com/downloads/details.aspx?familyid=c242ba42-556b-4c87-bf33-9d99166ff096
Windows 2000 SP4 with Internet Explorer 6 Service Pack 1: http://www.microsoft.com/downloads/details.aspx?familyid=c0583745-7e57-4265-9429-c3415cb8465f
Windows XP SP2/SP3 with Internet Explorer 6: http://www.microsoft.com/downloads/details.aspx?familyid=af9a6cb0-725d-490c-9858-16ec40e98560
Windows XP Professional x64 Edition (optionally with SP2) and Internet Explorer 6: http://www.microsoft.com/downloads/details.aspx?familyid=60bf9851-24fe-4658-8333-d353e82063c7
Windows Server 2003 SP1/SP2 and Internet Explorer 6: http://www.microsoft.com/downloads/details.aspx?familyid=d53adf6f-9501-4862-a1ca-57eb4d40cd75
Windows Server 2003 x64 Edition (optionally with SP2) and Internet Explorer 6: http://www.microsoft.com/downloads/details.aspx?familyid=5e37cb34-32be-4bbe-87f3-c4e1974e4d00
Windows Server 2003 with SP1/SP2 for Itanium-based Systems and Internet Explorer 6: http://www.microsoft.com/downloads/details.aspx?familyid=0da4e424-4682-4401-a226-7d8f1be19d44
Windows XP SP2/SP3 and Internet Explorer 7: http://www.microsoft.com/downloads/details.aspx?familyid=1b582695-b3cc-4c65-bc4b-d673c9a6d82a
Windows XP Professional x64 Edition (optionally with SP2) and Internet Explorer 7: http://www.microsoft.com/downloads/details.aspx?familyid=107cf54b-29d4-4c54-b091-2b5b3ffbf49d
Windows Server 2003 SP1/SP2 and Internet Explorer 7: http://www.microsoft.com/downloads/details.aspx?familyid=9cdd4f9e-c578-405c-af9e-628f2d77fdf4
Windows Server 2003 x64 Edition (optionally with SP2) and Internet Explorer 7: http://www.microsoft.com/downloads/details.aspx?familyid=7c36f92c-d8a0-4b70-b85f-83588a0299a0
Windows Server 2003 with SP1/SP2 for Itanium-based Systems and Internet Explorer 7: http://www.microsoft.com/downloads/details.aspx?familyid=3811030d-5958-4b91-b5b8-20587dc7c4d6
Windows Vista (optionally with SP1) and Internet Explorer 7: http://www.microsoft.com/downloads/details.aspx?familyid=3f62030a-9ce2-4c92-b948-143a6881921e
Windows Vista x64 Edition (optionally with SP1) and Internet Explorer 7: http://www.microsoft.com/downloads/details.aspx?familyid=d8800493-fba4-41f8-bde5-a53eeaf89d54
Windows Server 2008 for 32-bit Systems and Internet Explorer 7: http://www.microsoft.com/downloads/details.aspx?familyid=45a0de3c-c7d1-4314-a456-1f7428b7c90a
Windows Server 2008 for x64-based Systems and Internet Explorer 7: http://www.microsoft.com/downloads/details.aspx?familyid=405b28db-47d7-4d6b-90e6-834c0a409323
Windows Server 2008 for Itanium-based Systems and Internet Explorer 7: http://www.microsoft.com/downloads/details.aspx?familyid=f0d4f321-941e-4da7-958f-582c75542ee8

PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) Carlo Di Dato (aka shinnai)
2) Brett Moore via ZDI
3) Chris Weber, Casaba Security
4) Jun Mao, Verisign iDefense Labs

ORIGINAL ADVISORY: MS08-073 (KB958215): http://www.microsoft.com/technet/security/Bulletin/MS08-073.mspx






This article comes from Ravens PHP Scripts
https://www.ravenphpscripts.com

The URL for this story is:
https://www.ravenphpscripts.com/modules.php?name=News&file=article&sid=3503