TITLE: Internet Explorer Unspecified Memory Corruption Vulnerability SECUNIA ADVISORY ID: SA30575 VERIFY ADVISORY: http://secunia.com/advisories/30575/ CRITICAL: Highly critical IMPACT: System access WHERE: From remote SOFTWARE: Microsoft Internet Explorer 7.x http://secunia.com/product/12366/ Microsoft Internet Explorer 6.x http://secunia.com/product/11/ DESCRIPTION: A vulnerability has been reported in Internet Explorer, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an unspecified error when handling certain method calls to HTML objects. This can be exploited to corrupt memory via a specially crafted web page. Successful exploitation may allow execution of arbitrary code. SOLUTION: Apply patches. Windows 2000 SP4 with Internet Explorer 6 SP1: http://www.microsoft.com/downloads/details.aspx?FamilyId=4C47CF8A-8100-4D43-855A-F225A3492B19 Windows XP SP2 with Internet Explorer 6: http://www.microsoft.com/downloads/details.aspx?FamilyId=CC325017-3A48-4475-90E4-0C79A002FCE3 Windows XP SP3 with Internet Explorer 6: http://www.microsoft.com/downloads/details.aspx?FamilyId=CC325017-3A48-4475-90E4-0C79A002FCE3 Windows XP Professional x64 Edition (optionally with SP2) and Internet Explorer 6: http://www.microsoft.com/downloads/details.aspx?FamilyId=C8783CFE-9DA5-4842-AB3A-1E2BE4FAFC47 Windows Server 2003 SP1/SP2 and Internet Explorer 6: http://www.microsoft.com/downloads/details.aspx?FamilyId=286AADA6-A358-41F1-B81A-8DE39B9F908A Windows Server 2003 x64 Edition (optionally with SP2) and Internet Explorer 6: http://www.microsoft.com/downloads/details.aspx?FamilyId=6604569A-3DB0-47E7-BD30-7DFBA8145386 Windows Server 2003 with SP1/SP2 for Itanium-based systems and Internet Explorer 6: http://www.microsoft.com/downloads/details.aspx?FamilyId=0262BEB8-1EB5-4C2D-A50A-0C6C6E0C1F61 Windows XP SP2/SP3 and Internet Explorer 7: http://www.microsoft.com/downloads/details.aspx?FamilyId=FBC31BDE-0BF5-490C-96A8-071310D9464A Windows XP Professional x64 Edition (optionally with SP2) and Internet Explorer 7: http://www.microsoft.com/downloads/details.aspx?FamilyId=19C0CCDC-95C9-4151-96B6-4F49B594EBE0 Windows Server 2003 SP1/SP2 and Internet Explorer 7: http://www.microsoft.com/downloads/details.aspx?FamilyId=A1AE9AD2-8329-4C96-B950-7534B3287EAA Windows Server 2003 x64 Edition (optionally with SP2) and Internet Explorer 7: http://www.microsoft.com/downloads/details.aspx?FamilyId=FB0C70B4-CE9F-43D6-875A-3CFD0D3A2681 Windows Server 2003 with SP1/SP2 for Itanium-based systems and Internet Explorer 7: http://www.microsoft.com/downloads/details.aspx?FamilyId=28D2913C-1C6B-4671-9892-DE08698CD5A6 Windows Vista (optionally with SP1) and Internet Explorer 7: http://www.microsoft.com/downloads/details.aspx?FamilyId=6D68B39D-157F-4C3D-AC76-BC5A9386DB59 Windows Vista x64 Edition (optionally with SP1) and Internet Explorer 7: http://www.microsoft.com/downloads/details.aspx?FamilyId=4CF92235-861E-4B74-BEE3-8E977C8688D9 Windows Server 2008 for 32-bit Systems and Internet Explorer 7: http://www.microsoft.com/downloads/details.aspx?FamilyId=A8922E7E-9264-4E09-B8AD-C5420FED8690 Windows Server 2008 for x64-based systems and Internet Explorer 7: http://www.microsoft.com/downloads/details.aspx?FamilyId=05B0E838-24D7-4387-B069-2604BBCC43B9 Windows Server 2008 for Itanium-based systems and Internet Explorer 7: http://www.microsoft.com/downloads/details.aspx?FamilyId=640E1865-EBCC-4D69-A770-FD360020DA1E ORIGINAL ADVISORY: MS08-031 (KB950759): http://www.microsoft.com/technet/security/Bulletin/MS08-031.mspx ========================= The list's FAQ's can be seen by sending an email to PCWorks-request@xxxxxxxxxxxxx with FAQ in the subject line. To unsubscribe, subscribe, set Digest or Vacation to on or off, go to http://www.freelists.org/list/pcworks . You can also send an email to PCWorks-request@xxxxxxxxxxxxx with Unsubscribe in the subject line. Your member list settings can be found at http://www.freelists.org/cgi-bin/lsg2.cgi/l=pcworks . Once logged in, you have access to numerous other email options. The list archives are located at http://www.freelists.org/archives/pcworks/ . All email posted to the list will be placed there in the event anyone needs to look for previous posts.
All trademarks and copyrights within the FreeLists archives are owned by their respective owners. Everything else ©2008 Avenir Technologies, LLC.
