TITLE:
Microsoft Internet Explorer Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA20595

VERIFY ADVISORY:
http://secunia.com/advisories/20595/

CRITICAL:
Highly critical

IMPACT:
Spoofing, System access

WHERE:
From remote

SOFTWARE:
Microsoft Internet Explorer 6.x
http://secunia.com/product/11/
Microsoft Internet Explorer 5.01
http://secunia.com/product/9/

DESCRIPTION:
Some vulnerabilities have been reported in Internet Explorer, which
can be exploited by malicious people to conduct phishing attacks and
compromise a user's system.

1) A memory corruption error within the decoding of specially crafted
UTF-8 encoded HTML can be exploited to execute arbitrary code when a
user e.g. visits a malicious web site.

2) A memory corruption error within the
DXImageTransform.Microsoft.Light ActiveX control's parameter
validation can be exploited to execute arbitrary code when a user
e.g. visits a malicious web site.

3) An error within the way certain COM objects, which are not meant
to be instantiated in Internet Explorer, are instantiated can be
exploited to execute arbitrary code when e.g. a malicious web site is
visited.

4) An error allows spoofing of the information in the address bar and
other parts of the trust UI, which can be exploited to conduct
phishing attacks.

5) A memory corruption error in the way multipart HTML (.mht) is
saved can be exploited to execute arbitrary code if a user is tricked
into saving a specially crafted web page as multipart HTML.

SOLUTION:
Apply patches.

Internet Explorer 5.01 SP4 on Windows 2000 SP4:
http://www.microsoft.com/downloads/details.aspx?FamilyId=91A997DE-BAE4-4AC7-912D-79EF8ABAEF4F

Internet Explorer 6 SP1 on Windows 2000 SP4 or Windows XP SP1:
http://www.microsoft.com/downloads/details.aspx?FamilyId=0EB17A41-FB43-413B-A5CC-41E1F3DEDE4F

Internet Explorer 6 for Windows XP SP2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=85CABE87-C4A0-4F80-BD1C-210E23FD8D81

Internet Explorer 6 for Windows Server 2003 and Windows Server 2003
SP1:
http://www.microsoft.com/downloads/details.aspx?FamilyId=CCE7C875-C9A4-4C3D-A37B-946EE5E781E7

Internet Explorer 6 for Windows Server 2003 for Itanium-based systems
(with or without SP1):
http://www.microsoft.com/downloads/details.aspx?FamilyId=C8E4CFB6-1350-4AAE-B681-EE2ECAB41118

Internet Explorer 6 for Windows Server 2003 x64 Edition:
http://www.microsoft.com/downloads/details.aspx?FamilyId=1C7D5C6D-DDCF-485D-A1E3-60E55334FD74

Internet Explorer 6 for Windows XP Professional x64 Edition:
http://www.microsoft.com/downloads/details.aspx?FamilyId=F91791AC-8185-4346-AA66-89F74D4B5EA7

Internet Explorer 6 SP1 on Windows 98, Windows 98 SE, or Windows Me:
Patches are available from the Windows Update web site.

PROVIDED AND/OR DISCOVERED BY:
1) The vendor credits TippingPoint and the Zero Day Initiative.
2) The vendor credits Will Dormann, CERT/CC.
3) The vendor credits TippingPoint and the Zero Day Initiative and HD
Moore of Metasploit Project.
4) The vendor credits Yorick Koster of ITsec Security Services and
hoshikuzu star_dust.
5) The vendor credits John Jones of DISC, State of Kansas.

ORIGINAL ADVISORY:
MS06-021 (KB916281):
http://www.microsoft.com/technet/security/Bulletin/MS06-021.mspx

OTHER REFERENCES:
KB article discussing known issues when installing the update:
http://support.microsoft.com/kb/916281