Secunia Advisory SA16373Internet Explorer Three Vulnerabilities
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Description
Three vulnerabilities have been reported in Internet Explorer, which can be exploited by malicious people to conduct cross-site scripting attacks, to cause a DoS (Denial of Service), or compromise a user's system. 1) A memory corruption error within the processing of JPEG images can be exploited to crash the browser or to execute arbitrary code by tricking a user into e.g. visiting a web site or view an HTML e-mail containing a specially crafted JPEG image. 2) A validation error during the interpretation of certain URLs when browsing from a web site to a web folder view using WebDAV can be exploited to execute arbitrary script code in another domain (e.g. on the user's system in the "Local Machine" security zone). 3) An error in the way COM objects are instantiated as ActiveX controls can be exploited to corrupt system memory and allows execution of arbitrary code on a user's system when e.g. a malicious web site is visited. Solution Provided and/or discovered by Other references Deep Links Do you have additional information related to this advisory?Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this information to vuln@secunia.com
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||