---------------------------------------------------------------------- A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched. Download and test it today: https://psi.secunia.com/ Read more about this new version: https://psi.secunia.com/?page=changelog ---------------------------------------------------------------------- TITLE: Microsoft Internet Explorer Multiple Vulnerabilities SECUNIA ADVISORY ID: SA28903 VERIFY ADVISORY: http://secunia.com/advisories/28903/ CRITICAL: Highly critical IMPACT: System access WHERE: >From remote SOFTWARE: Microsoft Internet Explorer 5.01 http://secunia.com/product/9/ Microsoft Internet Explorer 6.x http://secunia.com/product/11/ Microsoft Internet Explorer 7.x http://secunia.com/product/12366/ DESCRIPTION: Some vulnerabilities have been reported in Internet Explorer, which can be exploited by malicious people to compromise a user's system. 1) An error in the way HTML with certain layout combinations is interpreted can be exploited to corrupt memory via a specially crafted web page. 2) An error in the way a certain property method is handled can be exploited via a specially crafted web page. 3) An error in the argument validation when processing images can be exploited to corrupt memory via a specially crafted web page. Successful exploitation of the vulnerabilities may allow execution of arbitrary code. SOLUTION: Apply patches. Windows 2000 SP4 and Internet Explorer 5.01 SP4: http://www.microsoft.com/downloads/details.aspx?FamilyId=1032A039-468B-4C5F-8C1C-5E54C2832E41 Windows 2000 SP4 and Internet Explorer 6 SP1: http://www.microsoft.com/downloads/details.aspx?FamilyId=87E66DCE-5060-4814-8754-829B4E190359 Windows XP SP2 and Internet Explorer 6: http://www.microsoft.com/downloads/details.aspx?FamilyId=BB2AA3CB-021F-4890-AB20-2A51F8E17554 Windows XP Professional x64 Edition (optionally with SP2) and Internet Explorer 6: http://www.microsoft.com/downloads/details.aspx?FamilyId=8989F576-8B30-4866-90EC-929D24F3B409 Windows Server 2003 SP1/SP2 and Internet Explorer 6: http://www.microsoft.com/downloads/details.aspx?FamilyId=429B7ED1-FE78-459A-B834-D0F3C69CB703 Windows Server 2003 x64 Edition (optionally with SP2) and Internet Explorer 6: http://www.microsoft.com/downloads/details.aspx?FamilyId=E989E23C-38BB-4FE7-A830-D7BDF7659392 Windows Server 2003 with SP1/SP2 for Itanium-based systems and Internet Explorer 6: http://www.microsoft.com/downloads/details.aspx?FamilyId=5A097F7A-B696-48D0-B13F-337C5FD14E24 Windows XP SP2 and Internet Explorer 7: http://www.microsoft.com/downloads/details.aspx?FamilyId=D4AA293A-6332-4C6C-B128-876F516BD030 Windows XP Professional x64 Edition (optionally with SP2) and Internet Explorer 7: http://www.microsoft.com/downloads/details.aspx?FamilyId=B72AF1B6-6E23-4005-AEF6-82195B380153 Windows Server 2003 SP1/SP2 and Internet Explorer 7: http://www.microsoft.com/downloads/details.aspx?FamilyId=B2AA6562-881E-4FD6-BE1B-53426A0FF4A9 Windows Server 2003 x64 Edition (optionally with SP2) and Internet Explorer 7: http://www.microsoft.com/downloads/details.aspx?FamilyId=4BB99AFC-BE14-4F2E-9570-B7FE09E39131 Windows Server 2003 with SP1/SP2 for Itanium-based systems and Internet Explorer 7: http://www.microsoft.com/downloads/details.aspx?FamilyId=6FA80E2C-5E91-4B33-ACD9-33F156660AE7 Windows Vista and Internet Explorer 7: http://www.microsoft.com/downloads/details.aspx?FamilyId=0DE25B98-F443-4874-A06F-4DAAE14C16B0 Windows Vista x64 Edition and Internet Explorer 7: http://www.microsoft.com/downloads/details.aspx?FamilyId=C08EBBE7-639B-4EA2-8304-FAB531930ABF PROVIDED AND/OR DISCOVERED BY: 1) The vendor credits Shane Macaulay and Riley Hassell, Security Objectives. 2) The vendor credits an anonymous person via ZDI. 3) The vendor credits Venustech of ADLABS. ORIGINAL ADVISORY: MS08-010 (KB944533): http://www.microsoft.com/technet/security/Bulletin/MS08-010.mspx ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------