TITLE: Microsoft Internet Explorer Multiple Vulnerabilities SECUNIA ADVISORY ID: SA20595
VERIFY ADVISORY: http://secunia.com/advisories/20595/ CRITICAL: Highly critical IMPACT: Spoofing, System access WHERE: >From remote SOFTWARE: Microsoft Internet Explorer 6.x http://secunia.com/product/11/ Microsoft Internet Explorer 5.01 http://secunia.com/product/9/ DESCRIPTION: Some vulnerabilities have been reported in Internet Explorer, which can be exploited by malicious people to conduct phishing attacks and compromise a user's system. 1) A memory corruption error within the decoding of specially crafted UTF-8 encoded HTML can be exploited to execute arbitrary code when a user e.g. visits a malicious web site. 2) A memory corruption error within the DXImageTransform.Microsoft.Light ActiveX control's parameter validation can be exploited to execute arbitrary code when a user e.g. visits a malicious web site. 3) An error within the way certain COM objects, which are not meant to be instantiated in Internet Explorer, are instantiated can be exploited to execute arbitrary code when e.g. a malicious web site is visited. 4) An error allows spoofing of the information in the address bar and other parts of the trust UI, which can be exploited to conduct phishing attacks. 5) A memory corruption error in the way multipart HTML (.mht) is saved can be exploited to execute arbitrary code if a user is tricked into saving a specially crafted web page as multipart HTML. SOLUTION: Apply patches. Internet Explorer 5.01 SP4 on Windows 2000 SP4: http://www.microsoft.com/downloads/details.aspx?FamilyId=91A997DE-BAE4-4AC7-912D-79EF8ABAEF4F Internet Explorer 6 SP1 on Windows 2000 SP4 or Windows XP SP1: http://www.microsoft.com/downloads/details.aspx?FamilyId=0EB17A41-FB43-413B-A5CC-41E1F3DEDE4F Internet Explorer 6 for Windows XP SP2: http://www.microsoft.com/downloads/details.aspx?FamilyId=85CABE87-C4A0-4F80-BD1C-210E23FD8D81 Internet Explorer 6 for Windows Server 2003 and Windows Server 2003 SP1: http://www.microsoft.com/downloads/details.aspx?FamilyId=CCE7C875-C9A4-4C3D-A37B-946EE5E781E7 Internet Explorer 6 for Windows Server 2003 for Itanium-based systems (with or without SP1): http://www.microsoft.com/downloads/details.aspx?FamilyId=C8E4CFB6-1350-4AAE-B681-EE2ECAB41118 Internet Explorer 6 for Windows Server 2003 x64 Edition: http://www.microsoft.com/downloads/details.aspx?FamilyId=1C7D5C6D-DDCF-485D-A1E3-60E55334FD74 Internet Explorer 6 for Windows XP Professional x64 Edition: http://www.microsoft.com/downloads/details.aspx?FamilyId=F91791AC-8185-4346-AA66-89F74D4B5EA7 Internet Explorer 6 SP1 on Windows 98, Windows 98 SE, or Windows Me: Patches are available from the Windows Update web site. ORIGINAL ADVISORY: MS06-021 (KB916281): http://www.microsoft.com/technet/security/Bulletin/MS06-021.mspx OTHER REFERENCES: KB article discussing known issues when installing the update: http://support.microsoft.com/kb/916281 ============= PCWorks Mailing List ================= Don't see your post? Check our posting guidelines & make sure you've followed proper posting procedures, http://pcworkers.com/rules.htm Contact list owner <[EMAIL PROTECTED]> Unsubscribing and other changes: http://pcworkers.com =====================================================
