Security - Microsoft Internet Explorer Multiple Vulnerabilities

Description
Multiple vulnerabilities have been reported in Internet Explorer, which can be exploited by malicious people to conduct cross-site scripting attacks, disclose sensitive information, and compromise a user's system.

1) Certain input passed via EUC-JP encoded characters is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

2) A race condition when handling the "window.open()" JavaScript function can be exploited to corrupt memory by tricking a user into performing a specific sequence of clicks on different Internet Explorer windows.
NOTE: This vulnerability does not affect Internet Explorer 9.

3) An error when handling certain events can be exploited to disclose information from another domain or Internet Explorer zone.

4) An error within the telnet URI handler causes executables to be loaded in an insecure manner and can be exploited by tricking a user into performing certain actions.

5) An error within the "SetViewSlave()" function when reloading a markup for an XSLT object can be exploited to corrupt memory.
NOTE: This vulnerability does not affect Internet Explorer 6.

6) An error when parsing certain STYLE objects can be exploited to corrupt heap memory.
NOTE: An issue when checking file integrity, which can lead to a bypass of protected mode, has also been fixed.

Successful exploitation of vulnerabilities #2, #4, #5, and #6 allows execution of arbitrary code.

Solution
Apply patches.

Provided and/or discovered by
1) JVN credits Takeshi Terada
2) Lostmon Lords
3) The vendor credits Yngve N. Pettersen, Opera Software ASA
4) JVN credits Makoto Shiotsuki, Security Professionals Network
5) An anonymous person via ZDI
6) Stephen Fewer via ZDI

