TITLE:
Internet Explorer Three Vulnerabilities

SECUNIA ADVISORY ID:
SA35962

VERIFY ADVISORY:
http://secunia.com/advisories/35962/

DESCRIPTION:
Three vulnerabilities have been reported in Internet Explorer, which
can be exploited by malicious people to compromise a user's system.

1) An error when accessing deleted objects in memory can be exploited
to corrupt memory via a specially crafted web page.

2) An error when handling table operations in specific situations can
be exploited to corrupt memory via a specially crafted web page.

3) Another error when accessing deleted objects in memory can be
exploited to corrupt memory via a specially crafted web page.

Successful exploitation of the vulnerabilities may allow execution of
arbitrary code.

NOTE: This security update also implements defence-in-depth security
measures to mitigate known attack vectors within Internet Explorer for
vulnerabilities when reading persisted data in some components and
ActiveX controls developed with certain versions of ATL.

SOLUTION:
Apply patches.

Internet Explorer 5.01 and Windows 2000 SP4:
http://www.microsoft.com/downloads/details.aspx?FamilyID=50ffc8f4-7ab7-4e64-9965-5767db5f53cd

Internet Explorer 6 SP1 and Windows 2000 SP4:
http://www.microsoft.com/downloads/details.aspx?FamilyID=93bd1baa-e2fb-4e8c-9dd7-738efef32282

-- Internet Explorer 6 --

Windows XP SP2/SP3:
http://www.microsoft.com/downloads/details.aspx?FamilyID=22bed634-5227-4a22-8df5-801f3e2e232a

Windows XP Professional x64 Edition SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=35ab0c5e-df3d-4873-8139-d1d98b3ac350

Windows Server 2003 SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=44852619-58ad-48f2-bc55-e8e1c72b1ba9

Windows Server 2003 x64 Edition SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=bd7f36c6-c5c5-4f19-ab59-39f1aaba7fe2

Windows Server 2003 with SP2 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=cdb70acf-77c3-40a4-b6a3-0fbc0fc0d7fc

-- Internet Explorer 7 --

Windows XP SP2/SP3:
http://www.microsoft.com/downloads/details.aspx?FamilyID=22bed634-5227-4a22-8df5-801f3e2e232a

Windows XP Professional x64 Edition SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=35ab0c5e-df3d-4873-8139-d1d98b3ac350

Windows Server 2003 SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=44852619-58ad-48f2-bc55-e8e1c72b1ba9

Windows Server 2003 x64 Edition SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=a594ee0d-ec8f-47df-9125-89d0bbf2115d

Windows Server 2003 with SP2 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?FamilyID=adb6bad2-9931-4ede-856e-bb43bb0f6071

Windows Vista (optionally with SP1/SP2):
http://www.microsoft.com/downloads/details.aspx?familyid=d3be9a13-1a5b-4b74-9649-449df923f573

Windows Vista x64 Edition (optionally with SP1/SP2):
http://www.microsoft.com/downloads/details.aspx?familyid=2b23cd74-6cf1-413b-82a7-b602347e3ce6

Windows Server 2008 for 32-bit Systems (optionally with SP2):
http://www.microsoft.com/downloads/details.aspx?familyid=92e3af41-71b0-4a28-afc7-123733180ead

Windows Server 2008 for x64-based Systems (optionally with SP2):
http://www.microsoft.com/downloads/details.aspx?familyid=1958ec40-3b7b-43a9-9fdc-742735dcf516

Windows Server 2008 for Itanium-based Systems (optionally with SP2):
http://www.microsoft.com/downloads/details.aspx?familyid=470387ac-6d75-4b7e-8ca5-376b67a8bd4d

-- Internet Explorer 8 --

Windows XP SP2/SP3:
http://www.microsoft.com/downloads/details.aspx?familyid=0acc8aaa-0ae1-412a-9f2b-dc7c707cae00

Windows XP Professional x64 Edition SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=29c8d9e6-2cb8-42b6-b0a6-2510fdb49eab

Windows Server 2003 SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=f4ae65a7-142f-4953-a542-315dac2ac606

Windows Server 2003 x64 Edition SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=3bc0e17b-898b-4f29-aa29-607527e1c1cd

Windows Vista (optionally with SP1/SP2):
http://www.microsoft.com/downloads/details.aspx?familyid=b05a19f7-7412-4c2b-ad11-34396e54ca43

Windows Vista x64 Edition (optionally with SP1/SP2):
http://www.microsoft.com/downloads/details.aspx?familyid=900e9a05-2f71-42de-b603-47e4ac061bcb

Windows Server 2008 for 32-bit Systems (optionally with SP2):
http://www.microsoft.com/downloads/details.aspx?familyid=30f99bda-9107-4969-90af-2a30e12acdae

Windows Server 2008 for x64-based Systems (optionally with SP2):
http://www.microsoft.com/downloads/details.aspx?familyid=acd3667b-6676-4010-b23b-e8372dd55f93

Windows Server 2008 for Itanium-based Systems (optionally with SP2):
http://www.microsoft.com/downloads/details.aspx?familyid=d223766f-2728-451d-98dd-c250ca52a76f

PROVIDED AND/OR DISCOVERED BY:
1) The vendor credits Peter Vreugdenhil via iDefense.
2) The vendor credits Wushi and Ling, team509 via ZDI.
3) The vendor credits Peter Vreugdenhil via ZDI.

ORIGINAL ADVISORY:
MS09-034 (KB972260):
http://www.microsoft.com/technet/security/Bulletin/MS09-034.mspx

OTHER REFERENCES:
Microsoft Security Advisory (KB973882):
http://www.microsoft.com/technet/security/advisory/973882.mspx