TITLE:
Microsoft Internet Explorer Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA35362

VERIFY ADVISORY:
http://secunia.com/advisories/35362/

DESCRIPTION:
Some vulnerabilities have been reported in Microsoft Internet Explorer, which can be exploited by malicious people to bypass certain security restrictions or compromise a user's system.

1) An error when handling cached content can be exploited to bypass domain restrictions and disclose information from the local system or from windows in other domains or Internet Explorer zones.

2) An error when handling calls to DHTML objects can be exploited to corrupt memory and potentially execute arbitrary code.

3) An error when handling unspecified HTML objects can be exploited to access uninitialised or deleted objects and potentially execute arbitrary code.

4) An unspecified error can be exploited to access an uninitialised or deleted object and potentially execute arbitrary code.

5) Another error when handling unspecified HTML objects can be exploited to access uninitialised or deleted objects and potentially execute arbitrary code.

6) A third error when handling unspecified HTML objects can be exploited to access uninitialised or deleted objects and potentially execute arbitrary code.

7) A fourth error when handling unspecified HTML objects can be exploited to access uninitialised or deleted objects and potentially execute arbitrary code.

SOLUTION:
Apply updates.

Windows 2000 SP4 with Internet Explorer 5.01 SP4:
http://www.microsoft.com/downloads/details.aspx?FamilyID=d645ad82-13c3-4030-808b-834e86ed3298

Windows 2000 SP4 with Internet Explorer 6 SP1:
http://www.microsoft.com/downloads/details.aspx?FamilyID=fe8b3796-a407-4f41-89eb-35b4bcc24ff6

Windows XP SP2/SP3 with Internet Explorer 6:
http://www.microsoft.com/downloads/details.aspx?FamilyID=3d7f63ee-d7c3-48a5-902e-60625405e97d

Windows XP Professional x64 Edition SP2 with Internet Explorer 6:
http://www.microsoft.com/downloads/details.aspx?FamilyID=088f70eb-c5c5-426a-880a-18ed386d0b56

Windows Server 2003 SP2 with Internet Explorer 6:
http://www.microsoft.com/downloads/details.aspx?FamilyID=72a23752-86fb-4cc9-ab8e-63ffdfae5bec

Windows Server 2003 x64 Edition SP2 with Internet Explorer 6:
http://www.microsoft.com/downloads/details.aspx?FamilyID=2a03d3c4-e39d-43a3-8d42-216e9551be96

Windows Server 2003 with SP2 for Itanium-based Systems with Internet Explorer 6:
http://www.microsoft.com/downloads/details.aspx?FamilyID=58efde2c-e0b8-4259-b19e-80564b834882

Windows XP SP2/SP3 with Internet Explorer 7:
http://www.microsoft.com/downloads/details.aspx?FamilyID=827b735c-660b-4723-b688-3297e107153a

Windows XP Professional x64 Edition SP2 with Internet Explorer 7:
http://www.microsoft.com/downloads/details.aspx?FamilyID=e5d2c81e-ffab-4e3b-a59a-a55000597213

Windows Server 2003 SP2 with Internet Explorer 7:
http://www.microsoft.com/downloads/details.aspx?FamilyID=a980b867-c67f-4c61-b6db-e55c2ca68dc0

Windows Server 2003 x64 Edition SP2 with Internet Explorer 7:
http://www.microsoft.com/downloads/details.aspx?FamilyID=5e7d6372-9c8c-449d-88fd-afd4f92ad9e6

Windows Server 2003 with SP2 for Itanium-based Systems with Internet Explorer 7:
http://www.microsoft.com/downloads/details.aspx?FamilyID=a2d2907e-67ae-44a4-a805-8670e659ea57

Windows Vista (optionally with Service Pack 1) with Internet Explorer 7:
http://www.microsoft.com/downloads/details.aspx?FamilyID=e60215c3-b8b9-4e45-9d9f-b3fb0b47cce1

Windows Vista SP2 with Internet Explorer 7:
http://www.microsoft.com/downloads/details.aspx?FamilyID=e60215c3-b8b9-4e45-9d9f-b3fb0b47cce1

Windows Vista x64 Edition (optionally with Service Pack 1) with Internet Explorer 7:
http://www.microsoft.com/downloads/details.aspx?FamilyID=88185088-8c2c-4bc6-89b2-87f4d4849cf7

Windows Vista x64 Edition SP2 with Internet Explorer 7:
http://www.microsoft.com/downloads/details.aspx?FamilyID=88185088-8c2c-4bc6-89b2-87f4d4849cf7

Windows Server 2008 for 32-bit Systems with Internet Explorer 7:
http://www.microsoft.com/downloads/details.aspx?FamilyID=a0e3f975-57da-43fa-ac12-3d14fd6ce939

Windows Server 2008 for 32-bit Systems SP2 with Internet Explorer 7:
http://www.microsoft.com/downloads/details.aspx?FamilyID=a0e3f975-57da-43fa-ac12-3d14fd6ce939

Windows Server 2008 for x64-based Systems with Internet Explorer 7:
http://www.microsoft.com/downloads/details.aspx?FamilyID=758edce7-2a82-4b2e-bd71-5b7075cc4b17

Windows Server 2008 for x64-based Systems SP2 with Internet Explorer 7:
http://www.microsoft.com/downloads/details.aspx?FamilyID=758edce7-2a82-4b2e-bd71-5b7075cc4b17

Windows Server 2008 for Itanium-based Systems with Internet Explorer 7:
http://www.microsoft.com/downloads/details.aspx?FamilyID=67d4c189-030d-42eb-98b9-7957ccd92592

Windows Server 2008 for Itanium-based Systems SP2 with Internet Explorer 7:
http://www.microsoft.com/downloads/details.aspx?FamilyID=67d4c189-030d-42eb-98b9-7957ccd92592

Windows XP SP2/SP3 with Internet Explorer 8:
http://www.microsoft.com/downloads/details.aspx?FamilyID=d9e27ce1-4e7c-437f-9477-e7805a33da08

Windows XP Professional x64 Edition SP2 with Internet Explorer 8:
http://www.microsoft.com/downloads/details.aspx?FamilyID=a24aedf0-7a31-4ee8-a9a6-998f1160c700

Windows Server 2003 SP2 with Internet Explorer 8:
http://www.microsoft.com/downloads/details.aspx?FamilyID=298143f2-f37a-4a2c-86ac-9804d4ff1dad

Windows Server 2003 x64 Edition SP2 with Internet Explorer 8:
http://www.microsoft.com/downloads/details.aspx?FamilyID=4a5401d7-ca97-4734-a0e9-d7ffe0777e34

Windows Vista (optionally with Service Pack 1 or 2) with Internet Explorer 8:
http://www.microsoft.com/downloads/details.aspx?FamilyID=6f2730e9-b4fc-4f20-96cf-73f1be63f374

Windows Vista x64 Edition (optionally with Service Pack 1 or 2) with Internet Explorer 8:
http://www.microsoft.com/downloads/details.aspx?FamilyID=5edb14f7-11ec-4180-9f0f-b2673f1c8d83

Windows Server 2008 for 32-bit Systems (optionally with Service Pack 2) with Internet Explorer 8:
http://www.microsoft.com/downloads/details.aspx?FamilyID=aaad301c-d232-4733-a0df-8e5d41bbfde8

Windows Server 2008 for x64-based Systems (optionally with Service Pack 2) with Internet Explorer 8:
http://www.microsoft.com/downloads/details.aspx?FamilyID=faac92d4-4a2b-4bb5-8bd1-1519a9fa8147

PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) Jorge Luis Alvarez Medina of Core Security Technologies
2) Haifei Li of Fortinet’s FortiGuard Global Security Research Team
3) TippingPoint and the Zero Day Initiative
4) Peter Vreugdenhil, working with TippingPoint and the Zero Day Initiative
5, 6) Wushi, working with TippingPoint and the Zero Day Initiative
7) Nils, working with TippingPoint and the Zero Day Initiative

ORIGINAL ADVISORY:
Microsoft (KB969897):
http://www.microsoft.com/technet/security/Bulletin/MS09-019.mspx