Secunia Security Advisory - Two vulnerabilities have been reported in Microsoft Internet Explorer, which can be exploited by malicious people to compromise a user's system.
299e384222c46465fa68f33a9b52346e6aff69c69fc28fa58e57ed8a1c4de9be
----------------------------------------------------------------------
Did you know that a change in our assessment rating, exploit code
availability, or if an updated patch is released by the vendor, is
not part of this mailing-list?
Click here to learn more:
http://secunia.com/advisories/business_solutions/
----------------------------------------------------------------------
TITLE:
Microsoft Internet Explorer Two Code Execution Vulnerabilities
SECUNIA ADVISORY ID:
SA33845
VERIFY ADVISORY:
http://secunia.com/advisories/33845/
CRITICAL:
Highly critical
IMPACT:
System access
WHERE:
>From remote
SOFTWARE:
Microsoft Internet Explorer 7.x
http://secunia.com/advisories/product/12366/
DESCRIPTION:
Two vulnerabilities have been reported in Microsoft Internet
Explorer, which can be exploited by malicious people to compromise a
user's system.
1) An unspecified error exists due to the use of a previously deleted
object. This can be exploited to corrupt memory and execute arbitrary
code when a user e.g. visits a malicious web site.
2) An unspecified error exists within the handling of Cascading Style
Sheets (CSS). This can be exploited to cause a memory corruption and
execute arbitrary code when a user e.g. visits a specially crafted
web site.
SOLUTION:
Apply patches.
Windows XP SP2/SP3:
http://www.microsoft.com/downloads/details.aspx?familyid=8cd902ec-e018-4b61-80f9-825d973f998e
Windows XP Professional x64 Edition (optionally with SP2):
http://www.microsoft.com/downloads/details.aspx?familyid=dd3e2236-9cc0-478e-a46c-981ef685c0e3
Windows Server 2003 SP1/SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=e52aa1fd-e694-4322-b3ff-6abc1b4a16fe
Windows Server 2003 x64 Edition (optionally with SP2):
http://www.microsoft.com/downloads/details.aspx?familyid=edbf1566-b96b-4c7d-98fe-b15f8e766792
Windows Server 2003 with SP1/SP2 for Itanium-based systems:
http://www.microsoft.com/downloads/details.aspx?familyid=5ce78797-d1c0-40d4-84e1-1004389833be
Windows Vista (optionally with SP1):
http://www.microsoft.com/downloads/details.aspx?familyid=5f9fa4b6-85a4-43bc-b84f-6bd847799650
Windows Vista x64 Edition (optionally with SP1):
http://www.microsoft.com/downloads/details.aspx?familyid=e9a8c94b-b9d2-4d64-855f-b5f02ce3dfb5
Windows Server 2008 for 32-bit Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=2491dbf2-7cd3-44f1-bfad-77e6f760a25c
Windows Server 2008 for x64-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=794373cc-2dce-4ef5-af50-7804c622c230
Windows Server 2008 for Itanium-based systems:
http://www.microsoft.com/downloads/details.aspx?familyid=11985325-4b33-4077-82cf-6afc7a71c510
PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) Zero Day Initiative
2) Sam Thomas via Zero Day Initiative.
ORIGINAL ADVISORY:
MS09-002 (KB961260):
http://www.microsoft.com/technet/security/bulletin/ms09-002.mspx
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------