Three vulnerabilities have been reported in Internet Explorer, which can be exploited by malicious people to conduct cross-site scripting attacks, to cause a DoS (Denial of Service), or compromise a user's system.

1) A memory corruption error within the processing of JPEG images can be exploited to crash the browser or to execute arbitrary code by tricking a user into e.g. visiting a web site or view an HTML e-mail containing a specially crafted JPEG image.

2) A validation error during the interpretation of certain URLs when browsing from a web site to a web folder view using WebDAV can be exploited to execute arbitrary script code in another domain (e.g. on the user's system in the "Local Machine" security zone).

3) An error in the way COM objects are instantiated as ActiveX controls can be exploited to corrupt system memory and allows execution of arbitrary code on a user's system when e.g. a malicious web site is visited.

Solution
Apply patches.
Further details available to Secunia VIM customers

Provided and/or discovered by
1) Michal Zalewski
2) Paul, GreyHat Security.
3) The vendor credits the following people:
* NSFOCUS Security Team
* Bernhard Mueller and Martin Eiszner, SEC Consult.

Changelog
Further details available to Secunia VIM customers

Original Advisory
MS05-038 (KB896727):
http://www.microsoft.com/technet/security/Bulletin/MS05-038.mspx

NSFOCUS:
http://www.nsfocus.com/english/homepage/research/0502.htm

Other references
Further details available to Secunia VIM customers

Deep Links
Links available to Secunia VIM customers