TITLE: Internet Explorer Multiple Vulnerabilities SECUNIA ADVISORY ID: SA21396
VERIFY ADVISORY: http://secunia.com/advisories/21396/ CRITICAL: Highly critical IMPACT: Exposure of sensitive information, System access WHERE: >From remote SOFTWARE: Microsoft Internet Explorer 6.x http://secunia.com/product/11/ Microsoft Internet Explorer 5.01 http://secunia.com/product/9/ DESCRIPTION: Multiple vulnerabilities have been reported in Internet Explorer, which can be exploited by malicious people to gain knowledge of certain information or compromise a user's system. 1) An error in the interpretation of HTML with certain layout positioning combinations can be exploited to corrupt memory and execute arbitrary code via a specially crafted web page. 2) An error in the way chained Cascading Style Sheets (CSS) are handled can be exploited to corrupt memory and execute arbitrary code via a specially crafted web page. 3) Another error in the HTML rendering can be exploited to corrupt memory and execute arbitrary code via a specially crafted web page. 4) Errors in the way Internet Explorer instantiates COM objects not intended to be instantiated in the browser can be exploited to execute arbitrary code via a specially crafted web page. 5) An error in the way the origin of a script is determined can be exploited to run a script in another domain or security zone than intended via a specially crafted web page. 6) Script may persist across navigations making it possible to use the script to access the window location of a web page in another domain or security zone. SOLUTION: Apply patches. Internet Explorer 5.01 SP4 on Windows 2000 SP4: http://www.microsoft.com/downloads/details.aspx?FamilyId=0DE3F143-19A6-4F22-B53B-B6A7DA33DAF4 Internet Explorer 6 SP1 on Windows 2000 SP4 or Windows XP SP1: http://www.microsoft.com/downloads/details.aspx?FamilyId=B5F17679-3AA5-4D66-A81E-F990FD0B48D2 Internet Explorer 6 for Windows XP SP2: http://www.microsoft.com/downloads/details.aspx?FamilyId=CDB85BCA-0C17-44AA-B74E-F01B5392BB31 Internet Explorer 6 for Windows Server 2003 (optionally with SP1): http://www.microsoft.com/downloads/details.aspx?FamilyId=20288DA2-A308-45C6-BD80-C68C997529BD Internet Explorer 6 for Windows Server 2003 for Itanium-based systems (optionally with SP1): http://www.microsoft.com/downloads/details.aspx?FamilyId=663F1E83-BDC0-4EC6-A263-398E7222C9B5 Internet Explorer 6 for Windows Server 2003 x64 Edition: http://www.microsoft.com/downloads/details.aspx?FamilyId=5C2A23AC-3F2E-4BEC-BE16-4B45B44C6346 Internet Explorer 6 for Windows XP Professional x64 Edition: http://www.microsoft.com/downloads/details.aspx?FamilyId=0CE7F66D-4D83-4090-A034-9BBE286D96FA ORIGINAL ADVISORY: MS06-042 (KB918899): http://www.microsoft.com/technet/security/Bulletin/MS06-042.mspx ============= PCWorks Mailing List ================= Don't see your post? Check our posting guidelines & make sure you've followed proper posting procedures, http://pcworkers.com/rules.htm Contact list owner <[EMAIL PROTECTED]> Unsubscribing and other changes: http://pcworkers.com =====================================================
