TITLE: Internet Explorer Multiple Vulnerabilities SECUNIA ADVISORY ID: SA31375 VERIFY ADVISORY: http://secunia.com/advisories/31375/ CRITICAL: Highly critical IMPACT: System access WHERE: From remote SOFTWARE: Microsoft Internet Explorer 5.01 http://secunia.com/product/9/ Microsoft Internet Explorer 6.x http://secunia.com/product/11/ Microsoft Internet Explorer 7.x http://secunia.com/product/12366/ DESCRIPTION: Multiple vulnerabilities have been reported in Internet Explorer, which can be exploited by malicious people to compromise a user's system. 1) An unspecified error may result in uninitialised memory being accessed in certain situations. 2) Another unspecified error may result in uninitialised memory being accessed in certain situations. 3) An error exists in the way Internet Explorer may access an object that has not been correctly initialised or has been deleted. This can be exploited to corrupt memory. 4) Two other unspecified errors may result in uninitialised memory being accessed in certain situations. 5) An error in the way arguments are validated in print preview handling can be exploited to corrupt memory. Successful exploitation of the vulnerabilities may allow execution of arbitrary code. SOLUTION: Apply patches. -- Windows 2000 SP4 -- Internet Explorer 5.01 SP4: http://www.microsoft.com/downloads/details.aspx?familyid=1557B93B-ECBA-4F42-B89D-DB0EE067D65B Internet Explorer 6 SP1: http://www.microsoft.com/downloads/details.aspx?familyid=AA780735-5928-4C46-89A4-63A814954796 -- Internet Explorer 6 -- Windows XP SP2: http://www.microsoft.com/downloads/details.aspx?familyid=69AF2F30-138E-4B15-AB8D-4FCE44CC0BC2 Windows XP SP3: http://www.microsoft.com/downloads/details.aspx?familyid=69AF2F30-138E-4B15-AB8D-4FCE44CC0BC2 Windows XP Professional x64 Edition (optionally with SP2): http://www.microsoft.com/downloads/details.aspx?familyid=4780B89E-9735-4D3F-8DEF-34E7337FF604 Windows Server 2003 SP1/SP2: http://www.microsoft.com/downloads/details.aspx?familyid=0617A5DD-DCE9-4DE0-B0A0-CE38EFE13524 Windows Server 2003 x64 Edition (optionally with SP2): http://www.microsoft.com/downloads/details.aspx?familyid=32A63F52-9FE6-48E3-BB4E-7D4DDA5E0A90 Windows Server 2003 with SP1/SP2 for Itanium-based Systems: http://www.microsoft.com/downloads/details.aspx?familyid=1855997E-A3BE-46B1-A0BC-BB55EB0045FE -- Internet Explorer 7 -- Windows XP SP2/SP3: http://www.microsoft.com/downloads/details.aspx?familyid=8E2125C7-52CB-4052-82A3-2D3C6A953752 Windows XP Professional x64 Edition (optionally with SP2): http://www.microsoft.com/downloads/details.aspx?familyid=39B41E4B-3237-409D-A818-AB0517C5E7CF Windows Server 2003 SP1/SP2: http://www.microsoft.com/downloads/details.aspx?familyid=B3C2E2FD-1CB9-491B-937C-053DD59A65BF Windows Server 2003 x64 Edition (optionally with SP2): http://www.microsoft.com/downloads/details.aspx?familyid=88A26B76-F7DF-45C9-8ED0-7D3CD71C1987 Windows Server 2003 with SP1/SP2 for Itanium-based Systems: http://www.microsoft.com/downloads/details.aspx?familyid=97D0D37D-5D76-4BC3-8CBD-1E3976C82ACF Windows Vista (optionally with SP1): http://www.microsoft.com/downloads/details.aspx?familyid=13CBA012-DD20-48F9-8E44-E4CB104C4CAD Windows Vista x64 Edition (optionally with SP1): http://www.microsoft.com/downloads/details.aspx?familyid=EAD919C2-D548-47B7-9CD6-80F991266428 Windows Server 2008 for 32-bit Systems: http://www.microsoft.com/downloads/details.aspx?familyid=4B52FF2F-D2F5-4C20-B6CF-86D86C56B0F8 Windows Server 2008 for x64-based Systems: http://www.microsoft.com/downloads/details.aspx?familyid=DF9814A6-5BE0-4AC1-A767-A0EAE8D5EE5D Windows Server 2008 for Itanium-based Systems: http://www.microsoft.com/downloads/details.aspx?familyid=FFC3CFCB-73FE-4A6D-9595-E9D7A5B3D3F7 ORIGINAL ADVISORY: MS08-045 (KB953838): http://www.microsoft.com/technet/security/Bulletin/MS08-045.mspx ========================= The list's FAQ's can be seen by sending an email to PCWorks-request@xxxxxxxxxxxxx with FAQ in the subject line. To unsubscribe, subscribe, set Digest or Vacation to on or off, go to //www.freelists.org/list/pcworks . You can also send an email to PCWorks-request@xxxxxxxxxxxxx with Unsubscribe in the subject line. Your member list settings can be found at //www.freelists.org/cgi-bin/lsg2.cgi/l=pcworks . Once logged in, you have access to numerous other email options. The list archives are located at //www.freelists.org/archives/pcworks/ . All email posted to the list will be placed there in the event anyone needs to look for previous posts. -zxdjhu-