Secunia Security Advisory - Multiple vulnerabilities have been reported in Internet Explorer, which can be exploited by malicious people to compromise a user's system.
b30536e07d8c945b64f8e3ce3351e84916a2d41d3b0e5550ed7e463450035014
----------------------------------------------------------------------
Try a new way to discover vulnerabilities that ALREADY EXIST in your
IT infrastructure.
Join the FREE BETA test of the Network Software Inspector (NSI)!
http://secunia.com/network_software_inspector/
The NSI enables you to INSPECT, DISCOVER, and DOCUMENT
vulnerabilities in more than 4,000 different Windows applications.
----------------------------------------------------------------------
TITLE:
Internet Explorer Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA23769
VERIFY ADVISORY:
http://secunia.com/advisories/23769/
CRITICAL:
Highly critical
IMPACT:
System access
WHERE:
>From remote
SOFTWARE:
Microsoft Internet Explorer 7.x
http://secunia.com/product/12366/
Microsoft Internet Explorer 5.01
http://secunia.com/product/9/
Microsoft Internet Explorer 6.x
http://secunia.com/product/11/
DESCRIPTION:
Multiple vulnerabilities have been reported in Internet Explorer,
which can be exploited by malicious people to compromise a user's
system.
1) An error within the instantiation of the chtskdic.dll COM object
not intended to be instantiated in Internet Explorer can be exploited
to corrupt memory.
2) An error in the way objects are accessed when not initiated or
already deleted can be exploited to corrupt memory via a specially
crafted web page.
3) An error when calling property methods can be exploited to corrupt
memory via a specially crafted web page.
4) Errors within the handling of HTML objects can be exploited to
corrupt memory via a specially crafted web page.
5) An error in the media service component (msauth.dll) can be
exploited to rewrite arbitrary files via a specially crafted web
page.
Successful exploitation of the vulnerabilities allows execution of
arbitrary code.
SOLUTION:
Apply patches.
Internet Explorer 5.01 SP4 on Windows 2000 SP4:
http://www.microsoft.com/downloads/details.aspx?FamilyId=67AE3381-16B2-4B34-B95C-69EE7D58B357
Internet Explorer 6 SP1 on Windows 2000 SP4:
http://www.microsoft.com/downloads/details.aspx?FamilyId=03FC8E0C-DEC5-48D1-9A34-3B639F185F7D
Internet Explorer 6 for Windows XP SP2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=EFC6BE04-0D6B-4639-8485-DA1525F6BC52
Internet Explorer 6 for Windows XP Professional x64 Edition
(optionally with SP2):
http://www.microsoft.com/downloads/details.aspx?FamilyId=A077BE20-C379-4386-B478-80197A4A4ABC
Internet Explorer 6 for Windows Server 2003 SP1/SP2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=D249089D-BB8E-4B86-AB8E-18C52844ACB2
Internet Explorer 6 for Windows Server 2003 for Itanium-based systems
SP1/SP2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=D52C0AFD-CC3A-4A5C-B91B-E006D497BC26
Internet Explorer 6 for Windows Server 2003 x64 Edition SP1/SP2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=94B83BDD-2BD1-43E4-BABF-68135D253293
Internet Explorer 7 for Windows XP SP2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=7A778D93-9D85-4217-8CC0-5C494D954CA0
Internet Explorer 7 for Windows XP Professional x64 Edition
(optionally with SP2):
http://www.microsoft.com/downloads/details.aspx?FamilyId=29938ED4-F8BB-4793-897C-966BA7F4830C
Internet Explorer 7 for Windows Server 2003 SP1/SP2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=0F173D60-6FD0-4C92-BB2A-A7A78707E35F
Internet Explorer 7 for Windows Server 2003 for Itanium-based systems
SP1/SP2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=1944BCFA-B0BC-4BD5-9089-A618EA43EA49
Internet Explorer 7 for Windows Server 2003 x64 Edition SP1/SP2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=404A48A2-5765-4AFA-94BF-E97212AA14EF
Internet Explorer 7 in Windows Vista:
http://www.microsoft.com/downloads/details.aspx?FamilyId=0C65FAD3-BAAE-46C4-B453-84CF28B15F50
Internet Explorer 7 in Windows Vista x64 Edition:
http://www.microsoft.com/downloads/details.aspx?FamilyId=74AFEA3D-79DF-4B64-BF30-B8E5C55CAB2B
PROVIDED AND/OR DISCOVERED BY:
1) Reported by the vendor.
2) The vendor credits TippingPoint and ZDI.
3) Reported by the vendor.
4) JJ Reyes, Secunia Research.
5) cocoruder, Fortinet Security Research.
ORIGINAL ADVISORY:
MS07-027 (KB931768):
http://www.microsoft.com/technet/security/Bulletin/MS07-027.mspx
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed