|
Internet Explorer Multiple Vulnerabilities
|
|
Secunia Advisory:
|
SA12806
|
|
|
Release Date:
|
2004-10-12
|
|
Last Update:
|
2005-01-25
|
|
Popularity:
|
36,112 views
|
|
|
Critical:
|
Extremely critical
|
|
Impact:
|
Spoofing
Exposure of sensitive information
System access
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | Microsoft Internet Explorer 5.01
Microsoft Internet Explorer 5.5
Microsoft Internet Explorer 6.x
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities 
|
|
| CVE reference: | CVE-2004-0216
CVE-2004-0727
CVE-2004-0839
CVE-2004-0841
CVE-2004-0842
CVE-2004-0843
CVE-2004-0844
CVE-2004-0845
CVE-2004-0978
|
|
Description:
Multiple vulnerabilities have been reported in Internet Explorer, where the most critical can be exploited by malicious people to compromise a user's system.
1) A boundary error within the processing of CSS (Cascading Style Sheets) can be exploited to cause a buffer overflow via a malicious web page or HTML e-mail message.
Successful exploitation allows execution of arbitrary code.
2) An error in the cross-domain security model within the handling of navigation methods by functions with similar names can be exploited to execute arbitrary script code in the "Local Machine" security zone or access information in a different domain.
For more information:
SA12048
3) An integer overflow in the Install Engine Control module (inseng.dll) can be exploited to cause a heap-based buffer overflow via a malicious web page or HTML email.
Successful exploitation allows execution of arbitrary code.
4) Insufficient validation of drag and drop events issued from the "Internet" zone to local resources can be exploited by malicious people to plant arbitrary executable files on a user's system.
For more information:
SA12321
5) A canonicalization error within the processing of URLs on DBCS (Double Byte Character Set) systems can be exploited to spoof information displayed in the address bar.
6) An error within the processing of plug-in navigations can be exploited to spoof information displayed in the address bar.
7) An error within the way scripts are processed in image tags can be exploited to save files on a user's system by tricking the user into visiting a malicious web site or view a malicious e-mail message.
For more information:
SA12048
8) An error within the handled of cached SSL content can be exploited to access sensitive information or spoof content on SSL-protected web sites.
9) A boundary error in the Heartbeat ActiveX component (Heartbeat.ocx) used on some MSN gaming sites can be exploited to cause a heap-based buffer overflow by passing an overly long string for the SetupData parameter.
Successful exploitation allows execution of arbitrary code on a user's system when e.g. a malicious web site is visited.
Solution:
Apply patches.
Internet Explorer 5.01 SP3 on Windows 2000 SP3:
http://www.microsoft.com/downloads/de...-924B-1FB1DC1881BA&displaylang=en
Internet Explorer 5.01 SP4 on Windows 2000 SP4:
http://www.microsoft.com/downloads/de...-B88C-A00371F6EC81&displaylang=en
Internet Explorer 5.5 SP2 on Microsoft Windows Me:
http://www.microsoft.com/downloads/de...-86DF-2B71799DA169&displaylang=en
Internet Explorer 6 on Windows XP:
http://www.microsoft.com/downloads/de...-A9D6-7CC6429C547D&displaylang=en
Internet Explorer 6 SP1 on Windows 2000 SP3/SP4, Windows XP, or Windows XP SP1:
http://www.microsoft.com/downloads/de...-9573-DD83F2DFF074&displaylang=en
Internet Explorer 6 SP1 on Windows NT Server 4.0 SP6a, Windows NT Server 4.0 TSE SP6, Windows 98 and SE, or Windows Me:
http://www.microsoft.com/downloads/de...-B8BD-51CFD795B03E&displaylang=en
Internet Explorer 6 for Windows XP SP1 (64-Bit Edition):
http://www.microsoft.com/downloads/de...-BA03-FBBC24142E4D&displaylang=en
Internet Explorer 6 for Windows Server 2003:
http://www.microsoft.com/downloads/de...-A61F-4F82A4014412&displaylang=en
Internet Explorer 6 for Windows Server 2003 64-Bit Edition and Windows XP 64-Bit Edition Version 2003:
http://www.microsoft.com/downloads/de...-A3EA-87D4BF7F9730&displaylang=en
Internet Explorer 6 for Windows XP SP2:
http://www.microsoft.com/downloads/de...-9246-2C2264C49E2E&displaylang=en
Provided and/or discovered by:
3) Greg Jones of KPMG UK and Peter Winter-Smith of Next Generation Security Software.
8) Mitja Kolsek, ACROS Security.
9) John Heasman, Next Generation Security Software.
Changelog:
2004-10-13: Added more information.
2004-10-14: Added more information.
2004-10-20: Added link to US-CERT vulnerability note.
2004-12-07: Added CVE reference.
2005-01-20: Added details about Heartbeat.ocx vulnerability.
2005-01-25: Added additional information about vulnerability #3.
Original Advisory:
MS04-038 (KB834707):
http://www.microsoft.com/technet/security/bulletin/ms04-038.mspx
ACROS Security:
http://www.acrossecurity.com/aspr/ASPR-2004-10-13-1-PUB.txt
NGSSoftware:
http://www.ngssoftware.com/advisories/heartbeatfull.txt
http://www.ngssoftware.com/advisories/msinsengfull.txt
Other References:
SA12048:
http://secunia.com/advisories/12048/
SA12321:
http://secunia.com/advisories/12321/
US-CERT VU#637760:
http://www.kb.cert.org/vuls/id/637760
US-CERT VU#673134:
http://www.kb.cert.org/vuls/id/673134
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
