TITLE:
Internet Explorer Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA23288

VERIFY ADVISORY:
http://secunia.com/advisories/23288/

CRITICAL:
Highly critical

IMPACT:
Exposure of system information, Exposure of sensitive information, System access

WHERE:
From remote

SOFTWARE:
Microsoft Internet Explorer 5.01
http://secunia.com/product/9/
Microsoft Internet Explorer 6.x
http://secunia.com/product/11/

DESCRIPTION:
Some vulnerabilities have been reported in Internet Explorer, which can be exploited by malicious people to gain knowledge of certain information or potentially compromise a user's system.

1) A memory corruption error within the interpretation of certain DHTML script function calls to incorrectly created elements can potentially be exploited to execute arbitrary code on a user's system.

2) An unspecified error within the handling of drag and drop operations can be exploited to retrieve content of the TIF folder (Temporary Internet Files) via a specially crafted web page.

3) An unspecified error within the handling of OBJECT tags can be exploited to disclose the path to the TIF folder (Temporary Internet Files) and retrieve its contents via a specially crafted web page.

SOLUTION:
Apply patches.

Internet Explorer 5.01 SP4 on Windows 2000 SP4:
http://www.microsoft.com/downloads/details.aspx?FamilyId=1D28E62C-09D3-4F38-BEA3-3FC501449D29

Internet Explorer 6 SP1 installed on Windows 2000 SP4:
http://www.microsoft.com/downloads/details.aspx?FamilyId=3CFC32FC-85CA-4EDA-890D-5E359F5F0019

Internet Explorer 6 for Windows XP SP2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=8B321744-B55E-4696-8B2C-B1D31672DA06

Internet Explorer 6 for Windows XP Professional x64 Edition:
http://www.microsoft.com/downloads/details.aspx?FamilyId=8D841D1B-D0B1-46AF-87BD-7DAA8C31AF39

Internet Explorer 6 for Windows Server 2003 (optionally with SP1):
http://www.microsoft.com/downloads/details.aspx?FamilyId=3E3A9693-D21B-4214-A16C-3FC22340E600

Internet Explorer 6 for Windows Server 2003 for Itanium-based systems (optionally with SP1):
http://www.microsoft.com/downloads/details.aspx?FamilyId=9E3F7A2C-BFE1-48C5-8A8A-64A06BCDF219

Internet Explorer 6 for Windows Server 2003 x64 Edition:
http://www.microsoft.com/downloads/details.aspx?FamilyId=F56065CE-6D28-479B-80A7-E04022454DE9

PROVIDED AND/OR DISCOVERED BY:
1) The vendor credits Sam Thomas.
2) The vendor credits Yorick Koster.
3) Reported by the vendor.

ORIGINAL ADVISORY:
MS06-072 (KB925454):
http://www.microsoft.com/technet/security/Bulletin/MS06-072.mspx

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help everybody keep their systems up to date against the latest vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Please Note:
Secunia recommends that you verify all advisories you receive by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use those supplied by the vendor.