TITLE: Microsoft Internet Explorer Multiple Vulnerabilities SECUNIA ADVISORY ID: SA14922
VERIFY ADVISORY: http://secunia.com/advisories/14922/ CRITICAL: Highly critical IMPACT: System access WHERE: >From remote SOFTWARE: Microsoft Internet Explorer 5.01 http://secunia.com/product/9/ Microsoft Internet Explorer 5.5 http://secunia.com/product/10/ Microsoft Internet Explorer 6 http://secunia.com/product/11/ DESCRIPTION: Some vulnerabilities has been reported in Microsoft Internet Explorer, which can be exploited by malicious people to compromise a user's system. 1) A race condition in the processing of DHTML objects can be exploited to execute arbitrary code via specially crafted HTML emails and web sites. 2) A boundary error in the handling of certain URLs can be exploited to execute arbitrary code via specially crafted HTML emails and web sites. 3) A boundary error in the handling of Content Advisor ratings can be exploited to execute arbitrary code via specially crafted Content Advisor content. Successful exploitation requires the user to accept and install the Content Advisor ratings. SOLUTION: Apply patches. Internet Explorer 5.01 Service Pack 3 on Microsoft Windows 2000 Service Pack 3: http://www.microsoft.com/downloads/details.aspx?FamilyId=6CF45449-03D8-40B8-A4C0-09F413EE8EAB Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4: http://www.microsoft.com/downloads/details.aspx?FamilyId=627F8991-7717-4ADE-A5AE-169591B6AAE0 Internet Explorer 5.5 Service Pack 2 on Microsoft Windows Millennium Edition: See original advisory. Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 with Service Pack 3 or Service Pack 4, or on Microsoft Windows XP Service Pack 1: http://www.microsoft.com/downloads/details.aspx?FamilyId=92E5A83D-9131-4B20-915A-A444C51656DC Internet Explorer 6 Service Pack 1 on Microsoft Windows 98, on Microsoft Windows 98 SE, or on Microsoft Windows Millennium Edition: See original advisory. Internet Explorer 6 Service Pack 1 for Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium): http://www.microsoft.com/downloads/details.aspx?FamilyId=87241BC0-E1E9-4EFC-A6EC-5413119D3100 Internet Explorer 6 for Microsoft Windows Server 2003: http://www.microsoft.com/downloads/details.aspx?FamilyId=88879B7A-3F4D-40D4-ADFD-4BBD8D4D865F Internet Explorer 6 for Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium): http://www.microsoft.com/downloads/details.aspx?FamilyId=FF80E80F-862A-4484-BC9D-FE05F966F1F4 Internet Explorer 6 for Microsoft Windows XP Service Pack 2: http://www.microsoft.com/downloads/details.aspx?FamilyId=974F9611-6352-4F9C-B258-346C317857C5 Microsoft Internet Explorer on the following platforms is not affected: * Microsoft Windows Server 2003 Service Pack 1 * Microsoft Windows Server 2003 with SP1 for Itanium-based Systems * Microsoft Windows Server 2003 x64 Edition * Microsoft Windows XP Professional x64 Edition ORIGINAL ADVISORY: MS05-020 (KB89092): http://www.microsoft.com/technet/security/Bulletin/MS05-020.mspx ============= PCWorks Mailing List ================= Don't see your post? Check our posting guidelines & make sure you've followed proper posting procedures, http://pcworkers.com/rules.htm Contact list owner <[EMAIL PROTECTED]> Unsubscribing and other changes: http://pcworkers.com =====================================================
