---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. For more information visit: http://secunia.com/advisories/business_solutions/ Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com ---------------------------------------------------------------------- TITLE: Microsoft Internet Explorer Multiple Vulnerabilities SECUNIA ADVISORY ID: SA36979 VERIFY ADVISORY: http://secunia.com/advisories/36979/ DESCRIPTION: Some vulnerabilities have been reported in Microsoft Internet Explorer, which can be exploited by malicious people to compromise a user's system. 1) An unspecified error in the processing of data stream headers can be exploited to trigger a memory corruption. 2) An error related to a certain HTML component is caused due to the improper validation of arguments. 3) An unspecified error can be exploited to access an incorrectly initialised or deleted object and trigger a memory corruption. 4) A second unspecified error can be exploited to access an incorrectly initialised or deleted object and trigger a memory corruption. Successful exploitation of the vulnerabilities may allow execution of arbitrary code. SOLUTION: Apply patches. Microsoft Windows 2000 SP4 with Microsoft Internet Explorer 5.01 SP4: http://www.microsoft.com/downloads/details.aspx?FamilyID=26515c7b-d7a6-4405-96b5-a518dcb39d38 Microsoft Windows 2000 SP4 with Microsoft Internet Explorer 6 SP1: http://www.microsoft.com/downloads/details.aspx?FamilyID=8154ba37-0fbc-4d31-9d6e-0b21586ad65a Windows XP SP2 and Windows XP SP3 with Microsoft Internet Explorer 6: http://www.microsoft.com/downloads/details.aspx?FamilyID=9aacf890-afb4-46a7-a13f-dd9fe3c0ca4a Windows XP Professional x64 Edition SP2 with Microsoft Internet Explorer 6: http://www.microsoft.com/downloads/details.aspx?FamilyID=89a2cf2a-a7a2-4d4b-aa6f-24dde288d500 Windows Server 2003 SP2 with Microsoft Internet Explorer 6: http://www.microsoft.com/downloads/details.aspx?FamilyID=8101625d-ee93-46e5-aec2-3bdbf2d86472 Windows Server 2003 x64 Edition SP2 with Microsoft Internet Explorer 6: http://www.microsoft.com/downloads/details.aspx?familyid=2f966053-01eb-4a23-a9d5-71deac2498ea Windows Server 2003 with SP2 for Itanium-based Systems with Microsoft Internet Explorer 6: http://www.microsoft.com/downloads/details.aspx?familyid=79a1a94d-3b47-47e9-9476-2f591c3f6a59 Windows XP SP2 and Windows XP SP3 with Windows Internet Explorer 7: http://www.microsoft.com/downloads/details.aspx?FamilyID=dc166dc6-577f-4d8d-94df-dd963233dd85 Windows XP Professional x64 Edition SP2 with Windows Internet Explorer 7: http://www.microsoft.com/downloads/details.aspx?familyid=bd54e595-25f2-4839-a838-2a0f809bde2b Windows Server 2003 SP2 with Windows Internet Explorer 7: http://www.microsoft.com/downloads/details.aspx?familyid=4647bcf1-69fb-4ad6-9e03-7bc22d8a914b Windows Server 2003 x64 Edition SP2 with Windows Internet Explorer 7: http://www.microsoft.com/downloads/details.aspx?familyid=e7d77bd9-8317-42f3-9ad1-a0b8bfa65b53 Windows Server 2003 with SP2 for Itanium-based Systems with Windows Internet Explorer 7: http://www.microsoft.com/downloads/details.aspx?FamilyID=07e66c09-2cd7-47ba-bf87-d3da602184b4 Windows Vista (optionally with SP1 or SP2) with Windows Internet Explorer 7: http://www.microsoft.com/downloads/details.aspx?familyid=f6995616-2a84-4c26-9599-26f1314873ed Windows Vista x64 Edition (optionally with SP1 or SP2) with Windows Internet Explorer 7: http://www.microsoft.com/downloads/details.aspx?familyid=b3de5236-afdd-436e-8648-5382d564cc99 Windows Server 2008 for 32-bit Systems (optionally with SP2) with Windows Internet Explorer 7: http://www.microsoft.com/downloads/details.aspx?familyid=72dd580e-eb53-41da-a5c0-a392ad388bfc Windows Server 2008 for x64-based Systems (optionally with SP2) with Windows Internet Explorer 7: http://www.microsoft.com/downloads/details.aspx?familyid=0111d741-bda4-4a50-a12b-d3337ff4441d Windows Server 2008 for Itanium-based Systems (optionally with SP2) with Windows Internet Explorer 7: http://www.microsoft.com/downloads/details.aspx?familyid=e81f30b7-ef05-4488-b62a-d330e17129cf Windows XP SP2 and Windows XP SP3 with Windows Internet Explorer 8: http://www.microsoft.com/downloads/details.aspx?familyid=8799159d-df69-49f6-9db5-49147690ce0c Windows XP Professional x64 Edition SP2 with Windows Internet Explorer 8: http://www.microsoft.com/downloads/details.aspx?familyid=77b18fc2-e769-47c6-8e72-916716a49e58 Windows Server 2003 SP2 with Windows Internet Explorer 8: http://www.microsoft.com/downloads/details.aspx?familyid=9eae7eca-1a6f-4397-a6e2-7dda6b9d5276 Windows Server 2003 x64 Edition SP2 with Windows Internet Explorer 8: http://www.microsoft.com/downloads/details.aspx?familyid=708a549d-11fd-43bf-a6e1-309e3205d59d Windows Vista (optionally with SP1 or SP2) with Windows Internet Explorer 8: http://www.microsoft.com/downloads/details.aspx?familyid=e8f6014f-950b-4e11-a105-51d298069f1a Windows Vista x64 Edition (optionally with SP1 or SP2) with Windows Internet Explorer 8: http://www.microsoft.com/downloads/details.aspx?familyid=85978f28-5fc0-481b-9b03-2021c785889b Windows Server 2008 for 32-bit Systems (optionally with SP2) with Windows Internet Explorer 8: http://www.microsoft.com/downloads/details.aspx?familyid=1baf7e96-ba3e-47e7-8ea3-eb092e653a39 Windows Server 2008 for x64-based Systems (optionally with SP2) with Windows Internet Explorer 8: http://www.microsoft.com/downloads/details.aspx?familyid=7a4b755b-7fa0-43aa-8862-c1d0c7d94c2c Windows 7 for 32-bit Systems with Windows Internet Explorer 8: http://www.microsoft.com/downloads/details.aspx?familyid=89d1fb78-68cd-48dd-afc2-15a79ebe9fde Windows 7 for x64-based Systems with Windows Internet Explorer 8: http://www.microsoft.com/downloads/details.aspx?familyid=10d9f7ac-65f4-437c-91cc-171632c69b0e Windows Server 2008 R2 for x64-based Systems with Windows Internet Explorer 8: http://www.microsoft.com/downloads/details.aspx?familyid=f50307d6-7869-4996-9ff7-23f87d08994b Windows Server 2008 R2 for Itanium-based Systems with Windows Internet Explorer 8: http://www.microsoft.com/downloads/details.aspx?familyid=9b6a28ae-b3f2-42b0-8209-e3950ec37abb PROVIDED AND/OR DISCOVERED BY: 1) The vendor credits SkyLined of Google Inc. 2) The vendor credits Mark Dowd, Ryan Smith, and David Dewey. 3) The vendor credits TippingPoint and the Zero Day Initiative. 4) The vendor credits Sam Thomas of eshu.co.uk, working with TippingPoint and the Zero Day Initiative. ORIGINAL ADVISORY: Microsoft (KB974455): http://www.microsoft.com/technet/security/bulletin/ms09-054.mspx http://blogs.technet.com/srd/archive/2009/10/12/ms09-054.aspx ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------