---------------------------------------------------------------------- 2003: 2,700 advisories published 2004: 3,100 advisories published 2005: 4,600 advisories published 2006: 5,300 advisories published How do you know which Secunia advisories are important to you? The Secunia Vulnerability Intelligence Solutions allows you to filter and structure all the information you need, so you can address issues effectively. Get a free trial of the Secunia Vulnerability Intelligence Solutions: http://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv ---------------------------------------------------------------------- TITLE: Internet Explorer Multiple Code Execution Vulnerabilities SECUNIA ADVISORY ID: SA28036 VERIFY ADVISORY: http://secunia.com/advisories/28036/ CRITICAL: Extremely critical IMPACT: System access WHERE: >From remote SOFTWARE: Microsoft Internet Explorer 5.01 http://secunia.com/product/9/ Microsoft Internet Explorer 6.x http://secunia.com/product/11/ Microsoft Internet Explorer 7.x http://secunia.com/product/12366/ DESCRIPTION: Some vulnerabilities have been reported in Internet Explorer, which can be exploited by malicious people to compromise a user's system. 1) An error exists in the way Internet Explorer handles errors when accessing objects, which have not been correctly initialised or that have been deleted. 2) Another error exists in the way Internet Explorer handles errors when accessing objects, which have not been correctly initialised or that have been deleted. 3) A third error exists in the way Internet Explorer handles errors when accessing objects, which have not been correctly initialised or that have been deleted. 4) An error when displaying web pages containing certain unexpected method calls to HTML objects can be exploited to corrupt memory. NOTE: This vulnerability is reportedly being actively exploited. Successful exploitation of the vulnerabilities may allow execution of arbitrary code when a user e.g. visits a malicious website. SOLUTION: Apply patches. Windows 2000 SP4 with Internet Explorer 5.01 SP4: http://www.microsoft.com/downloads/details.aspx?FamilyId=B3BD16EA-5D69-4AE3-84B3-AB773052CEEB Windows 2000 SP4 with Internet Explorer 6 SP1: http://www.microsoft.com/downloads/details.aspx?FamilyId=BC8EDF05-262A-4D1D-B196-4FC1A844970C Windows XP SP2 with Internet Explorer 6: http://www.microsoft.com/downloads/details.aspx?FamilyId=6E4EBAFC-34C3-4DC7-B712-152C611D3F0A Windows XP Professional x64 Edition (optionally with SP2) and Internet Explorer 6: http://www.microsoft.com/downloads/details.aspx?FamilyId=F5A5AF23-30FB-4E47-94BD-3B05B55C92F2 Windows Server 2003 SP1/SP2 with Internet Explorer 6: http://www.microsoft.com/downloads/details.aspx?FamilyId=BF466060-A585-4C2E-A48D-70E080C3BBE7 Windows Server 2003 x64 Edition (optionally with SP2) and Internet Explorer 6: http://www.microsoft.com/downloads/details.aspx?FamilyId=074697F2-18C8-4521-BBF7-1D0E7395D27D Windows Server 2003 with SP1/SP2 for Itanium-based systems and Internet Explorer 6: http://www.microsoft.com/downloads/details.aspx?FamilyId=B3F390A6-0361-4553-B627-5E7AD6BF5055 Windows XP SP2 with Internet Explorer 7: http://www.microsoft.com/downloads/details.aspx?FamilyId=B15A6506-02DD-43C2-AEF4-E10C1C76EE97 Windows XP Professional x64 Edition (optionally with SP2) and Internet Explorer 7: http://www.microsoft.com/downloads/details.aspx?FamilyId=C092A6BB-8E62-4D90-BDB1-5F3A15968F75 Windows Server 2003 SP1/SP2 with Internet Explorer 7: http://www.microsoft.com/downloads/details.aspx?FamilyId=34759C10-16A5-42A2-974D-9D532FB5A0A7 Windows Server 2003 x64 Edition (optionally with SP2) and Internet Explorer 7: http://www.microsoft.com/downloads/details.aspx?FamilyId=7DCCCE5A-7562-448B-A345-CF1CC758E35C Windows Server 2003 with SP1/SP2 for Itanium-based systems and Internet Explorer 7: http://www.microsoft.com/downloads/details.aspx?FamilyId=8414F3FB-216A-4D46-B590-4C1F304DFF91 Windows Vista with Internet Explorer 7: http://www.microsoft.com/downloads/details.aspx?FamilyId=26D303DA-BB2E-4555-96F1-BECB0E277341 Windows Vista x64 Edition with Internet Explorer 7: http://www.microsoft.com/downloads/details.aspx?FamilyId=C5E88E0B-A4C2-4690-91D9-326800030A16 PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Peter Vreugdenhil via iDefense VCP. 2) Sam Thomas via Zero Day Initiative. 3) Peter Vreugdenhil via Zero Day Initiative. 4) Reported as a 0-day. ORIGINAL ADVISORY: MS07-069 (KB942615): http://www.microsoft.com/technet/security/Bulletin/MS07-069.mspx ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------