TITLE: Microsoft Internet Explorer Multiple Vulnerabilities Critical: Highly critical Impact: System access Where: From remote SECUNIA ADVISORY ID: SA36979 VERIFY ADVISORY: http://secunia.com/advisories/36979/ DESCRIPTION: Some vulnerabilities have been reported in Microsoft Internet Explorer, which can be exploited by malicious people to compromise a user's system. 1) An unspecified error in the processing of data stream headers can be exploited to trigger a memory corruption. 2) An error related to a certain HTML component is caused due to the improper validation of arguments. 3) An unspecified error can be exploited to access an incorrectly initialised or deleted object and trigger a memory corruption. 4) A second unspecified error can be exploited to access an incorrectly initialised or deleted object and trigger a memory corruption. Successful exploitation of the vulnerabilities may allow execution of arbitrary code. SOLUTION: Apply patches. Microsoft Windows 2000 SP4 with Microsoft Internet Explorer 5.01 SP4: http://www.microsoft.com/downloads/details.aspx?FamilyID=26515c7b-d7a6-4405-96b5-a518dcb39d38 Microsoft Windows 2000 SP4 with Microsoft Internet Explorer 6 SP1: http://www.microsoft.com/downloads/details.aspx?FamilyID=8154ba37-0fbc-4d31-9d6e-0b21586ad65a Windows XP SP2 and Windows XP SP3 with Microsoft Internet Explorer 6: http://www.microsoft.com/downloads/details.aspx?FamilyID=9aacf890-afb4-46a7-a13f-dd9fe3c0ca4a Windows XP Professional x64 Edition SP2 with Microsoft Internet Explorer 6: http://www.microsoft.com/downloads/details.aspx?FamilyID=89a2cf2a-a7a2-4d4b-aa6f-24dde288d500 Windows Server 2003 SP2 with Microsoft Internet Explorer 6: http://www.microsoft.com/downloads/details.aspx?FamilyID=8101625d-ee93-46e5-aec2-3bdbf2d86472 Windows Server 2003 x64 Edition SP2 with Microsoft Internet Explorer 6: http://www.microsoft.com/downloads/details.aspx?familyid=2f966053-01eb-4a23-a9d5-71deac2498ea Windows Server 2003 with SP2 for Itanium-based Systems with Microsoft Internet Explorer 6: http://www.microsoft.com/downloads/details.aspx?familyid=79a1a94d-3b47-47e9-9476-2f591c3f6a59 Windows XP SP2 and Windows XP SP3 with Windows Internet Explorer 7: http://www.microsoft.com/downloads/details.aspx?FamilyID=dc166dc6-577f-4d8d-94df-dd963233dd85 Windows XP Professional x64 Edition SP2 with Windows Internet Explorer 7: http://www.microsoft.com/downloads/details.aspx?familyid=bd54e595-25f2-4839-a838-2a0f809bde2b Windows Server 2003 SP2 with Windows Internet Explorer 7: http://www.microsoft.com/downloads/details.aspx?familyid=4647bcf1-69fb-4ad6-9e03-7bc22d8a914b Windows Server 2003 x64 Edition SP2 with Windows Internet Explorer 7: http://www.microsoft.com/downloads/details.aspx?familyid=e7d77bd9-8317-42f3-9ad1-a0b8bfa65b53 Windows Server 2003 with SP2 for Itanium-based Systems with Windows Internet Explorer 7: http://www.microsoft.com/downloads/details.aspx?FamilyID=07e66c09-2cd7-47ba-bf87-d3da602184b4 Windows Vista (optionally with SP1 or SP2) with Windows Internet Explorer 7: http://www.microsoft.com/downloads/details.aspx?familyid=f6995616-2a84-4c26-9599-26f1314873ed Windows Vista x64 Edition (optionally with SP1 or SP2) with Windows Internet Explorer 7: http://www.microsoft.com/downloads/details.aspx?familyid=b3de5236-afdd-436e-8648-5382d564cc99 Windows Server 2008 for 32-bit Systems (optionally with SP2) with Windows Internet Explorer 7: http://www.microsoft.com/downloads/details.aspx?familyid=72dd580e-eb53-41da-a5c0-a392ad388bfc Windows Server 2008 for x64-based Systems (optionally with SP2) with Windows Internet Explorer 7: http://www.microsoft.com/downloads/details.aspx?familyid=0111d741-bda4-4a50-a12b-d3337ff4441d Windows Server 2008 for Itanium-based Systems (optionally with SP2) with Windows Internet Explorer 7: http://www.microsoft.com/downloads/details.aspx?familyid=e81f30b7-ef05-4488-b62a-d330e17129cf Windows XP SP2 and Windows XP SP3 with Windows Internet Explorer 8: http://www.microsoft.com/downloads/details.aspx?familyid=8799159d-df69-49f6-9db5-49147690ce0c Windows XP Professional x64 Edition SP2 with Windows Internet Explorer 8: http://www.microsoft.com/downloads/details.aspx?familyid=77b18fc2-e769-47c6-8e72-916716a49e58 Windows Server 2003 SP2 with Windows Internet Explorer 8: http://www.microsoft.com/downloads/details.aspx?familyid=9eae7eca-1a6f-4397-a6e2-7dda6b9d5276 Windows Server 2003 x64 Edition SP2 with Windows Internet Explorer 8: http://www.microsoft.com/downloads/details.aspx?familyid=708a549d-11fd-43bf-a6e1-309e3205d59d Windows Vista (optionally with SP1 or SP2) with Windows Internet Explorer 8: http://www.microsoft.com/downloads/details.aspx?familyid=e8f6014f-950b-4e11-a105-51d298069f1a Windows Vista x64 Edition (optionally with SP1 or SP2) with Windows Internet Explorer 8: http://www.microsoft.com/downloads/details.aspx?familyid=85978f28-5fc0-481b-9b03-2021c785889b Windows Server 2008 for 32-bit Systems (optionally with SP2) with Windows Internet Explorer 8: http://www.microsoft.com/downloads/details.aspx?familyid=1baf7e96-ba3e-47e7-8ea3-eb092e653a39 Windows Server 2008 for x64-based Systems (optionally with SP2) with Windows Internet Explorer 8: http://www.microsoft.com/downloads/details.aspx?familyid=7a4b755b-7fa0-43aa-8862-c1d0c7d94c2c Windows 7 for 32-bit Systems with Windows Internet Explorer 8: http://www.microsoft.com/downloads/details.aspx?familyid=89d1fb78-68cd-48dd-afc2-15a79ebe9fde Windows 7 for x64-based Systems with Windows Internet Explorer 8: http://www.microsoft.com/downloads/details.aspx?familyid=10d9f7ac-65f4-437c-91cc-171632c69b0e Windows Server 2008 R2 for x64-based Systems with Windows Internet Explorer 8: http://www.microsoft.com/downloads/details.aspx?familyid=f50307d6-7869-4996-9ff7-23f87d08994b Windows Server 2008 R2 for Itanium-based Systems with Windows Internet Explorer 8: http://www.microsoft.com/downloads/details.aspx?familyid=9b6a28ae-b3f2-42b0-8209-e3950ec37abb ORIGINAL ADVISORY: Microsoft (KB974455): http://www.microsoft.com/technet/security/bulletin/ms09-054.mspx http://blogs.technet.com/srd/archive/2009/10/12/ms09-054.aspx ========================= The list's FAQ's can be seen by sending an email to PCWorks-request@xxxxxxxxxxxxx with FAQ in the subject line. To unsubscribe, subscribe, set Digest or Vacation to on or off, go to //www.freelists.org/list/pcworks . You can also send an email to PCWorks-request@xxxxxxxxxxxxx with Unsubscribe in the subject line. Your member list settings can be found at //www.freelists.org/cgi-bin/lsg2.cgi/l=pcworks . Once logged in, you have access to numerous other email options. The list archives are located at //www.freelists.org/archives/pcworks/ . All email posted to the list will be placed there in the event anyone needs to look for previous posts. -zxdjhu-