---------------------------------------------------------------------- Want a new IT Security job? Vacant positions at Secunia: http://secunia.com/secunia_vacancies/ ---------------------------------------------------------------------- TITLE: Microsoft Internet Explorer Multiple Vulnerabilities SECUNIA ADVISORY ID: SA14922 VERIFY ADVISORY: http://secunia.com/advisories/14922/ CRITICAL: Highly critical IMPACT: System access WHERE: >From remote SOFTWARE: Microsoft Internet Explorer 5.01 http://secunia.com/product/9/ Microsoft Internet Explorer 5.5 http://secunia.com/product/10/ Microsoft Internet Explorer 6 http://secunia.com/product/11/ DESCRIPTION: Some vulnerabilities has been reported in Microsoft Internet Explorer, which can be exploited by malicious people to compromise a user's system. 1) A race condition in the processing of DHTML objects can be exploited to execute arbitrary code via specially crafted HTML emails and web sites. 2) A boundary error in the handling of certain URLs can be exploited to execute arbitrary code via specially crafted HTML emails and web sites. 3) A boundary error in the handling of Content Advisor ratings can be exploited to execute arbitrary code via specially crafted Content Advisor content. Successful exploitation requires the user to accept and install the Content Advisor ratings. SOLUTION: Apply patches. Internet Explorer 5.01 Service Pack 3 on Microsoft Windows 2000 Service Pack 3: http://www.microsoft.com/downloads/details.aspx?FamilyId=6CF45449-03D8-40B8-A4C0-09F413EE8EAB Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4: http://www.microsoft.com/downloads/details.aspx?FamilyId=627F8991-7717-4ADE-A5AE-169591B6AAE0 Internet Explorer 5.5 Service Pack 2 on Microsoft Windows Millennium Edition: See original advisory. Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 with Service Pack 3 or Service Pack 4, or on Microsoft Windows XP Service Pack 1: http://www.microsoft.com/downloads/details.aspx?FamilyId=92E5A83D-9131-4B20-915A-A444C51656DC Internet Explorer 6 Service Pack 1 on Microsoft Windows 98, on Microsoft Windows 98 SE, or on Microsoft Windows Millennium Edition: See original advisory. Internet Explorer 6 Service Pack 1 for Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium): http://www.microsoft.com/downloads/details.aspx?FamilyId=87241BC0-E1E9-4EFC-A6EC-5413119D3100 Internet Explorer 6 for Microsoft Windows Server 2003: http://www.microsoft.com/downloads/details.aspx?FamilyId=88879B7A-3F4D-40D4-ADFD-4BBD8D4D865F Internet Explorer 6 for Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium): http://www.microsoft.com/downloads/details.aspx?FamilyId=FF80E80F-862A-4484-BC9D-FE05F966F1F4 Internet Explorer 6 for Microsoft Windows XP Service Pack 2: http://www.microsoft.com/downloads/details.aspx?FamilyId=974F9611-6352-4F9C-B258-346C317857C5 Microsoft Internet Explorer on the following platforms is not affected: * Microsoft Windows Server 2003 Service Pack 1 * Microsoft Windows Server 2003 with SP1 for Itanium-based Systems * Microsoft Windows Server 2003 x64 Edition * Microsoft Windows XP Professional x64 Edition PROVIDED AND/OR DISCOVERED BY: 1) Berend-Jan Wever 2) 3APA3A and axle@bytefall 3) Andres Tarasco, SIA Group ORIGINAL ADVISORY: MS05-020 (KB89092): http://www.microsoft.com/technet/security/Bulletin/MS05-020.mspx ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------