(FYI...Contrary to what is stated below, IE6 is indeed affected by this, (or a) WMF vulnerability and there are 2 or 3 patches out now for it). -Clint
TITLE: Internet Explorer Unspecified WMF Image Handling Vulnerability SECUNIA ADVISORY ID: SA18729 VERIFY ADVISORY: http://secunia.com/advisories/18729/ CRITICAL: Highly critical IMPACT: System access WHERE: >From remote SOFTWARE: Microsoft Internet Explorer 5.5 http://secunia.com/product/10/ Microsoft Internet Explorer 5.01 http://secunia.com/product/9/ DESCRIPTION: A vulnerability has been reported in Internet Explorer, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an unspecified error. This can be exploited to execute arbitrary code on a user's system by e.g. tricking the user to visit a malicious website that hosts a specially crafted WMF file or via an email message containing a specially crafted attachment. The vulnerability has been reported in the following versions: * Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4 * Internet Explorer 5.5 Service Pack 2 on Microsoft Windows Millennium. The vulnerability does not affect the following versions of Windows: * Windows XP Service Pack 1 * Windows XP Service Pack 2 * Windows XP Professional x64 Edition * Windows Server 2003 * Windows Server 2003 Service Pack 1 * Windows Server 2003 for Itanium-based Systems * Windows Server 2003 with Service Pack 1 for Itanium-based Systems * Windows Server 2003 x64 Edition NOTE: The vulnerability may also be exploitable through other applications handling WMF images. SOLUTION: The vendor recommends users to install Internet Explorer 6 SP1, which is unaffected. http://www.microsoft.com/windows/ie/downloads/critical/ie6sp1/default.mspx ORIGINAL ADVISORY: Microsoft KB913333: http://www.microsoft.com/technet/security/advisory/913333.mspx ============= PCWorks Mailing List ================= Don't see your post? Check our posting guidelines & make sure you've followed proper posting procedures, http://pcworkers.com/rules.htm Contact list owner <[EMAIL PROTECTED]> Unsubscribing and other changes: http://pcworkers.com =====================================================
