Tech Support Guy banner
Status
Not open for further replies.

Cumulative Security Update for Internet Explorer

1K views 0 replies 1 participant last post by  eddie5659 
#1 ·
Hiya

A remote code execution vulnerability exists in Internet Explorer due to attempts to access previously freed memory when handling script errors in certain situations. An attacker could exploit the vulnerability by constructing a specially crafted Web page. If a user viewed the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

A remote code execution vulnerability exists in the way Internet Explorer interprets certain DHTML script function calls to incorrectly created elements. An attacker could exploit the vulnerability by constructing a specially crafted Web page that could potentially allow remote code execution if a user viewed the Web page. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

An information disclosure vulnerability exists in Internet Explorer in the way that drag and drop operations are handled in certain situations. An attacker could exploit the vulnerability by constructing a specially crafted Web page that could allow for information disclosure if a user viewed and interacted with the Web page. An attacker who successfully exploited this vulnerability would be able to retrieve files from the Temporary Internet Files (TIF) folder on a user’s system.

An information disclosure vulnerability exists in Internet Explorer in certain scenarios where the path to the cached content in the TIF folder could be disclosed. An attacker could exploit the vulnerability by constructing a specially crafted Web page that could allow for information disclosure if a user viewed the Web page. An attacker who successfully exploited this vulnerability would be able to retrieve files from the Temporary Internet Files (TIF) folder on a user’s system. However, user interaction is required to exploit this vulnerability.

Affected Components:

• Microsoft Internet Explorer 5.01 Service Pack 4 on Windows 2000 Service Pack 4
• Microsoft Internet Explorer 6 Service Pack 1 when installed on Windows 2000 Service Pack 4
• Microsoft Internet Explorer 6 for Windows XP Service Pack 2
• Microsoft Internet Explorer 6 for Windows XP Professional x64 Edition
• Microsoft Internet Explorer 6 for Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
• Microsoft Internet Explorer 6 for Windows Server 2003 for Itanium-based Systems and Windows Server 2003 with SP1 for Itanium-based Systems
• Microsoft Internet Explorer 6 for Windows Server 2003 x64 Edition



http://www.microsoft.com/technet/security/Bulletin/MS06-072.mspx

Regards

eddie
 
See less See more
Status
Not open for further replies.
You have insufficient privileges to reply here.
Top