|
 |
|
Microsoft Internet Explorer Multiple Vulnerabilities
|
|
|
|
|
Secunia Advisory:
|
SA15368
|
|
|
Release Date:
|
2005-12-13
|
|
Last Update:
|
2006-02-10
|
|
|
Critical:
|
Highly critical
|
|
Impact:
|
Security Bypass
Exposure of sensitive information
System access
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | Microsoft Internet Explorer 5.01
Microsoft Internet Explorer 5.5
Microsoft Internet Explorer 6.x
|
| | CVE reference: | CVE-2005-1790 (Secunia mirror)
CVE-2005-2829 (Secunia mirror)
CVE-2005-2830 (Secunia mirror)
CVE-2005-2831 (Secunia mirror)
CVE-2006-0057 (Secunia mirror)
|
|
|
Want to know the next time vulnerabilities are fixed in this product?
- Companies can be alerted via email and SMS! |
|
|
Description:
Five vulnerabilities have been reported in Microsoft Internet Explorer, which can be exploited by malicious people to view potentially sensitive information, to trick users into downloading and executing arbitrary programs, and to compromise a user's system.
1) A design error in the processing of keyboard shortcuts for certain security dialogs can e.g. be exploited to delay the "File Download" dialog box and trick users into executing a malicious ".bat" file after pressing the "r" key.
2) A design error in the processing of mouse clicks in new browser windows and the predictability of the position of the "File Download" dialog box can be exploited to trick the user into clicking on the "Run" button of the dialog box. This is exploited by first causing a "File Download" dialog box to be displayed underneath a new browser window, and then tricking the user into double-clicking within a specific area in the new window. This will result in an unintended click of the "Run" button in the hidden "File Download" dialog box.
3) An error exists in Internet Explorer when used with a HTTPS proxy server that requires clients to use Basic Authentication. This may cause web addresses that are sent from Internet Explorer to be disclosed to a third-party even when HTTPS connection is used.
4) An error exists when certain COM objects that are not intended to be used with Internet Explorer are instantiated in Internet Explorer. This can be exploited to execute arbitrary code via a malicious webpage that instantiates a vulnerable COM object.
This is related to:
SA16480
5) An error exists in the initialisation of certain objects when the "window()" function is used in conjunction with the "<body onload>" event. This can be exploited to execute arbitrary code via a malicious webpage.
For more information:
SA15546
The vulnerabilities #1, #2, and #5 have been confirmed on a fully patched system with Internet Explorer 6.0 and Microsoft Windows XP SP2. Other versions may also be affected.
Do you have this product installed on your home computer? Scan using the free Personal Software Inspector. Check if a vulnerable version is installed on computers in your corporate network, using the Network Software Inspector.
Solution:
Apply patches.
Internet Explorer 5.01 SP 4 on Microsoft Windows 2000 (requires SP 4):
http://www.microsoft.com/downloads/de...=4005B74A-D6E6-4A32-A3B1-276686B4A428
Internet Explorer 6 SP 1 on Microsoft Windows 2000 (requires SP 4) or on Microsoft Windows XP (requires SP 1):
http://www.microsoft.com/downloads/de...=A8443CD2-D98D-427B-9F0E-BD7E19FCB994
Internet Explorer 6 for Microsoft Windows XP (requires SP 2):
http://www.microsoft.com/downloads/de...=E4B5BA57-D4F2-4798-9154-2869E371C9D1
Internet Explorer 6 for Microsoft Windows Server 2003 (with or without SP 1):
http://www.microsoft.com/downloads/de...=9D70FB20-C7C9-43AF-A864-6DBC9A542CC6
Internet Explorer 6 for Microsoft Windows Server 2003 (Itanium) (with or without SP 1):
http://www.microsoft.com/downloads/de...=1EE790B9-E596-4344-AEC3-FCB3289D7E9C
Internet Explorer 6 for Microsoft Windows Server 2003 x64 Edition:
http://www.microsoft.com/downloads/de...=8E9C23E5-7988-42DA-A8BD-2C1A534BF995
Internet Explorer 6 for Microsoft Windows XP Professional x64 Edition:
http://www.microsoft.com/downloads/de...=E1652B4A-6339-4B31-8ACF-D2A844C24F70
Internet Explorer 6 for Microsoft Windows XP Embedded (with SP1):
http://www.microsoft.com/downloads/de...=af116ff1-9347-40d5-b03c-c2c758c652ba
Internet Explorer 6 for Microsoft Windows XP Embedded (with SP2):
http://www.microsoft.com/downloads/de...=5c635107-a550-45f5-b012-3dfb8893b6a2
For Microsoft Windows 98, Microsoft Windows 98 SE, and Microsoft Windows Millennium Edition, see the vendors original advisory.
Provided and/or discovered by:
1) Andreas Sandblad, Secunia Research
2) Jakob Balle, Secunia Research
4) Will Dormann, CERT/CC
Changelog:
2006-01-27: Added link to US-CERT vulnerability note. Added CVE reference.
2006-02-10: Added patch information for Windows XP Embedded.
Original Advisory:
Secunia Research:
http://secunia.com/secunia_research/2005-7/advisory/
http://secunia.com/secunia_research/2005-21/advisory/
MS05-054 (KB905915):
http://www.microsoft.com/technet/security/Bulletin/MS05-054.mspx
Other References:
US-CERT VU#998297:
http://www.kb.cert.org/vuls/id/998297
|
|
|
|
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
|
133 Related Secunia Security Advisories, displaying 10
|
|
|
1. Internet Explorer 6 Window "location" Handling Vulnerability
|
|
2. Internet Explorer "substringData()" Memory Corruption Vulnerability
|
|
3. Internet Explorer "Print Table of Links" Cross-Zone Scripting
|
|
4. Internet Explorer HTTP Request Smuggling/Splitting Vulnerabilities
|
|
5. Internet Explorer FTP Command Injection Vulnerability
|
|
6. Microsoft Internet Explorer Multiple Vulnerabilities
|
|
7. Internet Explorer Multiple Code Execution Vulnerabilities
|
|
8. Microsoft Web Proxy Auto-Discovery Feature Security Issue
|
|
9. Internet Explorer Data Stream Handling Vulnerability
|
|
10. Internet Explorer Unspecified Address Bar Spoofing Vulnerability
|
Show all related advisories
|
|
|
Send Feedback to Secunia
|
|
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
|
|
|
|
|
|
Secunia PSI
Scan | Patch | Track
Free Download
|
|
|
Secunia Poll
|
|
|
|
|
 |
|
|
Most Popular Advisories
|
|
|
|
|
|
