
Secunia Security Advisory 20595

Posted Jun 14, 2006
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in Internet Explorer, which can be exploited by malicious people to conduct phishing attacks and compromise a user's system.

tags | advisory, vulnerability
SHA-256 | 1d73727b5626f857c53ef84d412757fcf9602dfc2d71a53ff728a1738f976807




TITLE:
Microsoft Internet Explorer Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA20595

VERIFY ADVISORY:
http://secunia.com/advisories/20595/

CRITICAL:
Highly critical

IMPACT:
Spoofing, System access

WHERE:
From remote

SOFTWARE:
Microsoft Internet Explorer 6.x
http://secunia.com/product/11/
Microsoft Internet Explorer 5.01
http://secunia.com/product/9/

DESCRIPTION:
Some vulnerabilities have been reported in Internet Explorer, which
can be exploited by malicious people to conduct phishing attacks and
compromise a user's system.

1) A memory corruption error within the decoding of specially crafted
UTF-8 encoded HTML can be exploited to execute arbitrary code when a
user e.g. visits a malicious web site.

2) A memory corruption error within the
DXImageTransform.Microsoft.Light ActiveX control's parameter
validation can be exploited to execute arbitrary code when a user
e.g. visits a malicious web site.

3) An error in the way Internet Explorer instantiates certain COM
objects that are not meant to be instantiated in it can be exploited
to execute arbitrary code when e.g. a malicious web site is visited.

4) An error allows spoofing of the information in the address bar and
other parts of the trust UI, which can be exploited to conduct
phishing attacks.

5) A memory corruption error in the way multipart HTML (.mht) is
saved can be exploited to execute arbitrary code if a user is tricked
into saving a specially crafted web page as multipart HTML.

SOLUTION:
Apply patches.

Internet Explorer 5.01 SP4 on Windows 2000 SP4:
http://www.microsoft.com/downloads/details.aspx?FamilyId=91A997DE-BAE4-4AC7-912D-79EF8ABAEF4F

Internet Explorer 6 SP1 on Windows 2000 SP4 or Windows XP SP1:
http://www.microsoft.com/downloads/details.aspx?FamilyId=0EB17A41-FB43-413B-A5CC-41E1F3DEDE4F

Internet Explorer 6 for Windows XP SP2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=85CABE87-C4A0-4F80-BD1C-210E23FD8D81

Internet Explorer 6 for Windows Server 2003 and Windows Server 2003
SP1:
http://www.microsoft.com/downloads/details.aspx?FamilyId=CCE7C875-C9A4-4C3D-A37B-946EE5E781E7

Internet Explorer 6 for Windows Server 2003 for Itanium-based systems
(with or without SP1):
http://www.microsoft.com/downloads/details.aspx?FamilyId=C8E4CFB6-1350-4AAE-B681-EE2ECAB41118

Internet Explorer 6 for Windows Server 2003 x64 Edition:
http://www.microsoft.com/downloads/details.aspx?FamilyId=1C7D5C6D-DDCF-485D-A1E3-60E55334FD74

Internet Explorer 6 for Windows XP Professional x64 Edition:
http://www.microsoft.com/downloads/details.aspx?FamilyId=F91791AC-8185-4346-AA66-89F74D4B5EA7

Internet Explorer 6 SP1 on Windows 98, Windows 98 SE, or Windows Me:
Patches are available from the Windows Update web site.

PROVIDED AND/OR DISCOVERED BY:
1) The vendor credits TippingPoint and the Zero Day Initiative.
2) The vendor credits Will Dormann, CERT/CC.
3) The vendor credits TippingPoint and the Zero Day Initiative and HD
Moore of Metasploit Project.
4) The vendor credits Yorick Koster of ITsec Security Services and
hoshikuzu star_dust.
5) The vendor credits John Jones of DISC, State of Kansas.

ORIGINAL ADVISORY:
MS06-021 (KB916281):
http://www.microsoft.com/technet/security/Bulletin/MS06-021.mspx

OTHER REFERENCES:
KB article discussing known issues when installing the update:
http://support.microsoft.com/kb/916281

