Apache-Talk @lexa.ru 

Inet-Admins @info.east.ru 

Filmscanners @halftone.co.uk 

Security-alerts @yandex-team.ru 

nginx-ru @sysoev.ru 

   


   


   

















      :: Security-alerts
Security-Alerts mailing list archive (security-alerts@yandex-team.ru)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[security-alerts] FW: [SA28036] Internet Explorer Multiple Code Execution Vulnerabilities



> ----------------------------------------------------------------------
>
> TITLE:
> Internet Explorer Multiple Code Execution Vulnerabilities
>
> SECUNIA ADVISORY ID:
> SA28036
>
> VERIFY ADVISORY:
> http://secunia.com/advisories/28036/
>
> CRITICAL:
> Extremely critical
>
> IMPACT:
> System access
>
> WHERE:
> From remote
>
> SOFTWARE:
> Microsoft Internet Explorer 5.01
> http://secunia.com/product/9/
> Microsoft Internet Explorer 6.x
> http://secunia.com/product/11/
> Microsoft Internet Explorer 7.x
> http://secunia.com/product/12366/
>
> DESCRIPTION:
> Some vulnerabilities have been reported in Internet Explorer, which
> can be exploited by malicious people to compromise a user's system.
>
> 1) An error exists in the way Internet Explorer handles errors when
> accessing objects, which have not been correctly initialised or that
> have been deleted.
>
> 2) Another error exists in the way Internet Explorer handles errors
> when accessing objects, which have not been correctly initialised or
> that have been deleted.
>
> 3) A third error exists in the way Internet Explorer handles errors
> when accessing objects, which have not been correctly initialised or
> that have been deleted.
>
> 4) An error when displaying web pages containing certain unexpected
> method calls to HTML objects can be exploited to corrupt memory.
>
> NOTE: This vulnerability is reportedly being actively exploited.
>
> Successful exploitation of the vulnerabilities may allow execution of
> arbitrary code when a user e.g. visits a malicious website.
>
> SOLUTION:
> Apply patches.
>
> Windows 2000 SP4 with Internet Explorer 5.01 SP4:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=B3BD1
> 6EA-5D69-4AE3-84B3-AB773052CEEB
>
> Windows 2000 SP4 with Internet Explorer 6 SP1:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=BC8ED
> F05-262A-4D1D-B196-4FC1A844970C
>
> Windows XP SP2 with Internet Explorer 6:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=6E4EB
> AFC-34C3-4DC7-B712-152C611D3F0A
>
> Windows XP Professional x64 Edition (optionally with SP2) and
> Internet Explorer 6:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=F5A5A
> F23-30FB-4E47-94BD-3B05B55C92F2
>
> Windows Server 2003 SP1/SP2 with Internet Explorer 6:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=BF466
> 060-A585-4C2E-A48D-70E080C3BBE7
>
> Windows Server 2003 x64 Edition (optionally with SP2) and Internet
> Explorer 6:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=07469
> 7F2-18C8-4521-BBF7-1D0E7395D27D
>
> Windows Server 2003 with SP1/SP2 for Itanium-based systems and
> Internet Explorer 6:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=B3F39
> 0A6-0361-4553-B627-5E7AD6BF5055
>
> Windows XP SP2 with Internet Explorer 7:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=B15A6
> 506-02DD-43C2-AEF4-E10C1C76EE97
>
> Windows XP Professional x64 Edition (optionally with SP2) and
> Internet Explorer 7:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=C092A
> 6BB-8E62-4D90-BDB1-5F3A15968F75
>
> Windows Server 2003 SP1/SP2 with Internet Explorer 7:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=34759
> C10-16A5-42A2-974D-9D532FB5A0A7
>
> Windows Server 2003 x64 Edition (optionally with SP2) and Internet
> Explorer 7:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=7DCCC
> E5A-7562-448B-A345-CF1CC758E35C
>
> Windows Server 2003 with SP1/SP2 for Itanium-based systems and
> Internet Explorer 7:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=8414F
> 3FB-216A-4D46-B590-4C1F304DFF91
>
> Windows Vista with Internet Explorer 7:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=26D30
> 3DA-BB2E-4555-96F1-BECB0E277341
>
> Windows Vista x64 Edition with Internet Explorer 7:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=C5E88
> E0B-A4C2-4690-91D9-326800030A16
>
> PROVIDED AND/OR DISCOVERED BY:
> The vendor credits:
> 1) Peter Vreugdenhil via iDefense VCP.
> 2) Sam Thomas via Zero Day Initiative.
> 3) Peter Vreugdenhil via Zero Day Initiative.
> 4) Reported as a 0-day.
>
> ORIGINAL ADVISORY:
> MS07-069 (KB942615):
> http://www.microsoft.com/technet/security/Bulletin/MS07-069.mspx
>
>



 




Copyright © Lexa Software, 1996-2009.