Lexa Software: Security-Alerts@yandex-team.ru archive

		Apache-Talk @lexa.ru
		Inet-Admins @info.east.ru
		Filmscanners @halftone.co.uk
		Security-alerts @yandex-team.ru
		nginx-ru @sysoev.ru

СТАТЬИ

ПЕРСОНАЛЬНОЕ

ПРОГРАММЫ

ПИШИТЕ
ПИСЬМА

АРХИВ :: Security-alerts

Security-Alerts mailing list archive (security-alerts@yandex-team.ru)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[security-alerts] FW: [SA28036] Internet Explorer Multiple Code Execution Vulnerabilities

To: "security-alerts@xxxxxxxxxxxxxx" <security-alerts@xxxxxxxxxxxxxx>
Subject: [security-alerts] FW: [SA28036] Internet Explorer Multiple Code Execution Vulnerabilities
From: "Kazennov, Vladimir" <Vladimir.Kazennov@xxxxxxxxxx>
Date: Wed, 19 Dec 2007 10:47:20 +0300
Accept-language: ru-RU, en-US
Acceptlanguage: ru-RU, en-US
Content-language: ru-RU
List-archive: <http://www.lexa.ru/security-alerts/> (Web Archive)
List-id: <security-alerts.yandex-team.ru>
List-subscribe: <mailto:majordomo@yandex-team.ru?body=subscribe%20security-alerts>
List-unsubscribe: <mailto:majordomo@yandex-team.ru?body=unsubscribe%20security-alerts>
Thread-index: Acg8TB2cTQDIKQU0RdGUQ477yVl80wFxzLHA
Thread-topic: [SA28036] Internet Explorer Multiple Code Execution Vulnerabilities

> ----------------------------------------------------------------------
>
> TITLE:
> Internet Explorer Multiple Code Execution Vulnerabilities
>
> SECUNIA ADVISORY ID:
> SA28036
>
> VERIFY ADVISORY:
> http://secunia.com/advisories/28036/
>
> CRITICAL:
> Extremely critical
>
> IMPACT:
> System access
>
> WHERE:
> From remote
>
> SOFTWARE:
> Microsoft Internet Explorer 5.01
> http://secunia.com/product/9/
> Microsoft Internet Explorer 6.x
> http://secunia.com/product/11/
> Microsoft Internet Explorer 7.x
> http://secunia.com/product/12366/
>
> DESCRIPTION:
> Some vulnerabilities have been reported in Internet Explorer, which
> can be exploited by malicious people to compromise a user's system.
>
> 1) An error exists in the way Internet Explorer handles errors when
> accessing objects, which have not been correctly initialised or that
> have been deleted.
>
> 2) Another error exists in the way Internet Explorer handles errors
> when accessing objects, which have not been correctly initialised or
> that have been deleted.
>
> 3) A third error exists in the way Internet Explorer handles errors
> when accessing objects, which have not been correctly initialised or
> that have been deleted.
>
> 4) An error when displaying web pages containing certain unexpected
> method calls to HTML objects can be exploited to corrupt memory.
>
> NOTE: This vulnerability is reportedly being actively exploited.
>
> Successful exploitation of the vulnerabilities may allow execution of
> arbitrary code when a user e.g. visits a malicious website.
>
> SOLUTION:
> Apply patches.
>
> Windows 2000 SP4 with Internet Explorer 5.01 SP4:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=B3BD1
> 6EA-5D69-4AE3-84B3-AB773052CEEB
>
> Windows 2000 SP4 with Internet Explorer 6 SP1:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=BC8ED
> F05-262A-4D1D-B196-4FC1A844970C
>
> Windows XP SP2 with Internet Explorer 6:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=6E4EB
> AFC-34C3-4DC7-B712-152C611D3F0A
>
> Windows XP Professional x64 Edition (optionally with SP2) and
> Internet Explorer 6:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=F5A5A
> F23-30FB-4E47-94BD-3B05B55C92F2
>
> Windows Server 2003 SP1/SP2 with Internet Explorer 6:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=BF466
> 060-A585-4C2E-A48D-70E080C3BBE7
>
> Windows Server 2003 x64 Edition (optionally with SP2) and Internet
> Explorer 6:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=07469
> 7F2-18C8-4521-BBF7-1D0E7395D27D
>
> Windows Server 2003 with SP1/SP2 for Itanium-based systems and
> Internet Explorer 6:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=B3F39
> 0A6-0361-4553-B627-5E7AD6BF5055
>
> Windows XP SP2 with Internet Explorer 7:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=B15A6
> 506-02DD-43C2-AEF4-E10C1C76EE97
>
> Windows XP Professional x64 Edition (optionally with SP2) and
> Internet Explorer 7:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=C092A
> 6BB-8E62-4D90-BDB1-5F3A15968F75
>
> Windows Server 2003 SP1/SP2 with Internet Explorer 7:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=34759
> C10-16A5-42A2-974D-9D532FB5A0A7
>
> Windows Server 2003 x64 Edition (optionally with SP2) and Internet
> Explorer 7:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=7DCCC
> E5A-7562-448B-A345-CF1CC758E35C
>
> Windows Server 2003 with SP1/SP2 for Itanium-based systems and
> Internet Explorer 7:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=8414F
> 3FB-216A-4D46-B590-4C1F304DFF91
>
> Windows Vista with Internet Explorer 7:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=26D30
> 3DA-BB2E-4555-96F1-BECB0E277341
>
> Windows Vista x64 Edition with Internet Explorer 7:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=C5E88
> E0B-A4C2-4690-91D9-326800030A16
>
> PROVIDED AND/OR DISCOVERED BY:
> The vendor credits:
> 1) Peter Vreugdenhil via iDefense VCP.
> 2) Sam Thomas via Zero Day Initiative.
> 3) Peter Vreugdenhil via Zero Day Initiative.
> 4) Reported as a 0-day.
>
> ORIGINAL ADVISORY:
> MS07-069 (KB942615):
> http://www.microsoft.com/technet/security/Bulletin/MS07-069.mspx
>
>

Prev by Date: [security-alerts] FW: [SA28051] Microsoft Windows Message Queuing Buffer Overflow
Next by Date: [security-alerts] FW: [SA28046] Apache mod_imagemap Module Cross-Site Scripting Vulnerability
Previous by thread: [security-alerts] FW: [SA28051] Microsoft Windows Message Queuing Buffer Overflow
Next by thread: [security-alerts] FW: [SA28046] Apache mod_imagemap Module Cross-Site Scripting Vulnerability
Index(es):
- Date
- Thread