Security-Alerts mailing list archive (security-alerts@yandex-team.ru)


[security-alerts] FW: [SA21396] Internet Explorer Multiple Vulnerabilities



> 
> TITLE:
> Internet Explorer Multiple Vulnerabilities
> 
> SECUNIA ADVISORY ID:
> SA21396
> 
> VERIFY ADVISORY:
> http://secunia.com/advisories/21396/
> 
> CRITICAL:
> Highly critical
> 
> IMPACT:
> Exposure of sensitive information, System access
> 
> WHERE:
> From remote
> 
> SOFTWARE:
> Microsoft Internet Explorer 6.x
> http://secunia.com/product/11/
> Microsoft Internet Explorer 5.01
> http://secunia.com/product/9/
> 
> DESCRIPTION:
> Multiple vulnerabilities have been reported in Internet Explorer,
> which can be exploited by malicious people to gain knowledge of
> certain information or compromise a user's system.
> 
> 1) An error in the interpretation of HTML with certain layout
> positioning combinations can be exploited to corrupt memory and
> execute arbitrary code via a specially crafted web page.
> 
> 2) An error in the way chained Cascading Style Sheets (CSS) are
> handled can be exploited to corrupt memory and execute arbitrary code
> via a specially crafted web page.
> 
> 3) Another error in the HTML rendering can be exploited to corrupt
> memory and execute arbitrary code via a specially crafted web page.
> 
> 4) Errors in the way Internet Explorer instantiates COM objects not
> intended to be instantiated in the browser can be exploited to
> execute arbitrary code via a specially crafted web page.
> 
> 5) An error in the way the origin of a script is determined can be
> exploited to run a script in another domain or security zone than
> intended via a specially crafted web page.
> 
> 6) Script may persist across navigations making it possible to use
> the script to access the window location of a web page in another
> domain or security zone.
> 
> SOLUTION:
> Apply patches.
> 
> Internet Explorer 5.01 SP4 on Windows 2000 SP4:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=0DE3F143-19A6-4F22-B53B-B6A7DA33DAF4
> 
> Internet Explorer 6 SP1 on Windows 2000 SP4 or Windows XP SP1:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=B5F17679-3AA5-4D66-A81E-F990FD0B48D2
> 
> Internet Explorer 6 for Windows XP SP2:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=CDB85BCA-0C17-44AA-B74E-F01B5392BB31
> 
> Internet Explorer 6 for Windows Server 2003 (optionally with SP1):
> http://www.microsoft.com/downloads/details.aspx?FamilyId=20288DA2-A308-45C6-BD80-C68C997529BD
> 
> Internet Explorer 6 for Windows Server 2003 for Itanium-based systems
> (optionally with SP1):
> http://www.microsoft.com/downloads/details.aspx?FamilyId=663F1E83-BDC0-4EC6-A263-398E7222C9B5
> 
> Internet Explorer 6 for Windows Server 2003 x64 Edition:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=5C2A23AC-3F2E-4BEC-BE16-4B45B44C6346
> 
> Internet Explorer 6 for Windows XP Professional x64 Edition:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=0CE7F66D-4D83-4090-A034-9BBE286D96FA
> 
> PROVIDED AND/OR DISCOVERED BY:
> 1) The vendor credits Sam Thomas.
> 2) The vendor credits Sam Thomas.
> 3) Reported by the vendor.
> 4) The vendor credits:
> * Cody Pierce, TippingPoint Security Research Team.
> * Will Dormann, CERT/CC.
> 5) Reported by the vendor.
> 6) Reported by the vendor.
> 
> ORIGINAL ADVISORY:
> MS06-042 (KB918899):
> http://www.microsoft.com/technet/security/Bulletin/MS06-042.mspx
> 




 




Copyright © Lexa Software, 1996-2009.