[security-alerts] FW: [SA23469] Internet Explorer File Download Handling Memory Corruption

["Kazennov, Vladimir" <Vladimir.Kazennov@xxxxxxxxxx>]

>
> TITLE:
> Internet Explorer File Download Handling Memory Corruption
>
> SECUNIA ADVISORY ID:
> SA23469
>
> VERIFY ADVISORY:
> http://secunia.com/advisories/23469/
>
> CRITICAL:
> Highly critical
>
> IMPACT:
> System access
>
> WHERE:
> From remote
>
> SOFTWARE:
> Microsoft Internet Explorer 7.x
> http://secunia.com/product/12366/
> Microsoft Internet Explorer 6.x
> http://secunia.com/product/11/
> Microsoft Internet Explorer 5.01
> http://secunia.com/product/9/
>
> DESCRIPTION:
> Secunia Research has discovered a vulnerability in Internet Explorer,
> which can be exploited by malicious people to compromise a user's
> system.
>
> The vulnerability is caused due to an error in the file download
> queue handling when processing multiple concurrent attempts to start
> a file download. This can be exploited via a specially crafted web
> page to corrupt memory in a way that results in use of an already
> freed object.
>
> Successful exploitation allows execution of arbitrary code.
>
> SOLUTION:
> Apply patches.
>
> Windows 2000 SP4 and Internet Explorer 5.01 SP4:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=95827
> F3F-A984-4E34-A949-D16A0614121A
>
> Windows 2000 SP4 and Internet Explorer 6 SP1:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=DF3BA
> 596-7C5B-4151-9884-6957AA884AAB
>
> Windows XP SP2 and Internet Explorer 6:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=513A8
> 320-6D36-4FC9-A38A-867192B55B53
>
> Windows XP Professional x64 Edition (optionally with SP2) and
> Internet Explorer 6:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=AE8A2
> 6D8-1910-4B8C-8A73-6E2FA6B5B29F
>
> Windows Server 2003 SP1/SP2 and Internet Explorer 6:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=4AEFA
> A38-8757-4E6E-8924-57CABD1C2FC3
>
> Windows Server 2003 x64 Edition (optionally with SP2) and Internet
> Explorer 6:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=88ABA
> 9DD-653B-4CDF-A513-CCA32A7D7E41
>
> Windows Server 2003 with SP1/SP2 for Itanium-based systems and
> Internet Explorer 6:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=309A8
> F10-C7EA-4961-A969-092B0C4D7BBC
>
> Windows XP SP2 and Internet Explorer 7:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=4CA0A
> C93-BF51-40FE-A1BA-CB3E0A36D8B5
>
> Windows XP Professional x64 Edition (optionally with SP2) and
> Internet Explorer 7:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=DBD28
> 4D0-2664-42A4-AD16-A0535244C81C
>
> Windows Server 2003 SP1/SP2 and Internet Explorer 7:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=0A31C
> 451-32F4-4551-AE45-D600F8B3B11B
>
> Windows Server 2003 x64 Edition (optionally with SP2) and Internet
> Explorer 7:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=C1915
> 633-D181-4CA1-A4F0-7CA0F865AA72
>
> Windows Server 2003 with SP1/SP2 for Itanium-based systems and
> Internet Explorer 7:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=093A2
> 250-3BE3-494F-80E0-89CA7217030F
>
> Windows Vista and Internet Explorer 7:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=86392
> E8D-098C-427F-A233-699CDB9375AE
>
> Windows Vista x64 Edition and Internet Explorer 7:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=62490
> E6D-0A21-4A15-90BD-63CA8F8886B6
>
> PROVIDED AND/OR DISCOVERED BY:
> Carsten Eiram, Secunia Research.
>
> ORIGINAL ADVISORY:
> MS07-057 (KB939653):
> http://www.microsoft.com/technet/security/Bulletin/MS07-057.mspx
>
> Secunia Research:
> http://secunia.com/secunia_research/2007-31/
>