Secunia Security Advisory - Some vulnerabilities have been reported in Internet Explorer, which can be exploited by malicious people to compromise a user's system.
62145c1bfef4699679ff91307f661831ebf08d99270ec67180495e7e92745a8c
----------------------------------------------------------------------
2003: 2,700 advisories published
2004: 3,100 advisories published
2005: 4,600 advisories published
2006: 5,300 advisories published
How do you know which Secunia advisories are important to you?
The Secunia Vulnerability Intelligence Solutions allows you to filter
and structure all the information you need, so you can address issues
effectively.
Get a free trial of the Secunia Vulnerability Intelligence Solutions:
http://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv
----------------------------------------------------------------------
TITLE:
Internet Explorer Multiple Code Execution Vulnerabilities
SECUNIA ADVISORY ID:
SA28036
VERIFY ADVISORY:
http://secunia.com/advisories/28036/
CRITICAL:
Extremely critical
IMPACT:
System access
WHERE:
>From remote
SOFTWARE:
Microsoft Internet Explorer 5.01
http://secunia.com/product/9/
Microsoft Internet Explorer 6.x
http://secunia.com/product/11/
Microsoft Internet Explorer 7.x
http://secunia.com/product/12366/
DESCRIPTION:
Some vulnerabilities have been reported in Internet Explorer, which
can be exploited by malicious people to compromise a user's system.
1) An error exists in the way Internet Explorer handles errors when
accessing objects, which have not been correctly initialised or that
have been deleted.
2) Another error exists in the way Internet Explorer handles errors
when accessing objects, which have not been correctly initialised or
that have been deleted.
3) A third error exists in the way Internet Explorer handles errors
when accessing objects, which have not been correctly initialised or
that have been deleted.
4) An error when displaying web pages containing certain unexpected
method calls to HTML objects can be exploited to corrupt memory.
NOTE: This vulnerability is reportedly being actively exploited.
Successful exploitation of the vulnerabilities may allow execution of
arbitrary code when a user e.g. visits a malicious website.
SOLUTION:
Apply patches.
Windows 2000 SP4 with Internet Explorer 5.01 SP4:
http://www.microsoft.com/downloads/details.aspx?FamilyId=B3BD16EA-5D69-4AE3-84B3-AB773052CEEB
Windows 2000 SP4 with Internet Explorer 6 SP1:
http://www.microsoft.com/downloads/details.aspx?FamilyId=BC8EDF05-262A-4D1D-B196-4FC1A844970C
Windows XP SP2 with Internet Explorer 6:
http://www.microsoft.com/downloads/details.aspx?FamilyId=6E4EBAFC-34C3-4DC7-B712-152C611D3F0A
Windows XP Professional x64 Edition (optionally with SP2) and
Internet Explorer 6:
http://www.microsoft.com/downloads/details.aspx?FamilyId=F5A5AF23-30FB-4E47-94BD-3B05B55C92F2
Windows Server 2003 SP1/SP2 with Internet Explorer 6:
http://www.microsoft.com/downloads/details.aspx?FamilyId=BF466060-A585-4C2E-A48D-70E080C3BBE7
Windows Server 2003 x64 Edition (optionally with SP2) and Internet
Explorer 6:
http://www.microsoft.com/downloads/details.aspx?FamilyId=074697F2-18C8-4521-BBF7-1D0E7395D27D
Windows Server 2003 with SP1/SP2 for Itanium-based systems and
Internet Explorer 6:
http://www.microsoft.com/downloads/details.aspx?FamilyId=B3F390A6-0361-4553-B627-5E7AD6BF5055
Windows XP SP2 with Internet Explorer 7:
http://www.microsoft.com/downloads/details.aspx?FamilyId=B15A6506-02DD-43C2-AEF4-E10C1C76EE97
Windows XP Professional x64 Edition (optionally with SP2) and
Internet Explorer 7:
http://www.microsoft.com/downloads/details.aspx?FamilyId=C092A6BB-8E62-4D90-BDB1-5F3A15968F75
Windows Server 2003 SP1/SP2 with Internet Explorer 7:
http://www.microsoft.com/downloads/details.aspx?FamilyId=34759C10-16A5-42A2-974D-9D532FB5A0A7
Windows Server 2003 x64 Edition (optionally with SP2) and Internet
Explorer 7:
http://www.microsoft.com/downloads/details.aspx?FamilyId=7DCCCE5A-7562-448B-A345-CF1CC758E35C
Windows Server 2003 with SP1/SP2 for Itanium-based systems and
Internet Explorer 7:
http://www.microsoft.com/downloads/details.aspx?FamilyId=8414F3FB-216A-4D46-B590-4C1F304DFF91
Windows Vista with Internet Explorer 7:
http://www.microsoft.com/downloads/details.aspx?FamilyId=26D303DA-BB2E-4555-96F1-BECB0E277341
Windows Vista x64 Edition with Internet Explorer 7:
http://www.microsoft.com/downloads/details.aspx?FamilyId=C5E88E0B-A4C2-4690-91D9-326800030A16
PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) Peter Vreugdenhil via iDefense VCP.
2) Sam Thomas via Zero Day Initiative.
3) Peter Vreugdenhil via Zero Day Initiative.
4) Reported as a 0-day.
ORIGINAL ADVISORY:
MS07-069 (KB942615):
http://www.microsoft.com/technet/security/Bulletin/MS07-069.mspx
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------