Internet Explorer Three Vulnerabilities - Secunia Advisories - Vulnerability Information

Vulnerability Information

Vulnerability Scanning

Community

Blog

Corporate Information

Home > Vulnerability Information > Secunia Advisories > Internet Explorer Three Vulnerabilities

Secunia Advisories

Advisories

Advisories by Product

Business Solutions Restricted

Partner Solutions Restricted

About

Internet Explorer Three Vulnerabilities

Secunia Advisory:

SA16373

Advisory Toolbox:

Issue ticket

Save in to-do list

Mark as handled

Exploit information

Download as PDF

Review actions

Add comment

Release Date:

2005-08-09

Last Update:

2005-11-21

Popularity:

38,933 views

Critical:

Highly critical

Impact:

Cross Site Scripting
DoS
System access

Where:

From remote

Solution Status:

Vendor Patch

Software:

Microsoft Internet Explorer 5.01
Microsoft Internet Explorer 5.5
Microsoft Internet Explorer 6.x

Secunia CVSS-2 Score:

Available in Secunia business solutions

Subscribe:

Instant alerts on relevant vulnerabilities

Advisory Content (Page 2 of 3)

[ 1 ] [ 2 ] [ 3 ]

Secunia is hiring, read about the open positions here!

Solution:
Apply patches.

Internet Explorer 5.01 (requires SP4) on Windows 2000 SP4:
http://www.microsoft.com/downloads/de...=194E0EE7-919C-4A8B-AD8D-01A4FE771942

Internet Explorer 6 (requires SP1) on Windows 2000 SP4 or Windows XP SP1:
http://www.microsoft.com/downloads/de...=68300B15-1CF9-45FB-875E-2EF6D2FBC9ED

Internet Explorer 6 for Windows XP SP2:
http://www.microsoft.com/downloads/de...=648B6F0E-1695-44E5-826A-43406DF4858E

Internet Explorer 6 for Windows Server 2003 (optionally with SP1):
http://www.microsoft.com/downloads/de...=F0B96EC3-E954-423A-9AB0-5712B9F14637

Internet Explorer 6 for Windows Server 2003 for Itanium-based systems (optionally with SP1):
http://www.microsoft.com/downloads/de...=C24D3738-213A-41B8-84A3-2842B34D7B10

Internet Explorer 6 for Windows Server 2003 x64 Edition:
http://www.microsoft.com/downloads/de...=F2D544E7-33F5-4A65-A574-15495B05B883

Internet Explorer 6 for Microsoft Windows XP Professional x64 Edition:
http://www.microsoft.com/downloads/de...=1181BC67-0A1D-4A06-99AC-5B2BC6DFE0F6

Internet Explorer 5.5 (requires SP2) on Windows ME:
Patches are available from the Windows Update web site.

NOTE: See vendor advisory for Slovenian and Slovakian patches for Windows ME.

Internet Explorer 6 (requires SP1) on Windows 98, Windows 98 SE, or Windows ME:
Patches are available from the Windows Update web site.

NOTE: See vendor advisory for Slovenian and Slovakian patches for Windows ME.

Microsoft Windows XP Embedded (with SP2):
http://www.microsoft.com/downloads/de...=9da5dae9-9e2d-45ef-8c9b-d773409b6187

Microsoft Windows XP Embedded (with SP1):
http://www.microsoft.com/downloads/de...=8f1f7ae2-8e47-4055-9f55-aef72d8ea60d

Provided and/or discovered by:
1) Michal Zalewski
2) Paul, GreyHat Security.
3) The vendor credits the following people:
* NSFOCUS Security Team
* Bernhard Mueller and Martin Eiszner, SEC Consult.

Changelog:
2005-08-10: Added link to US-CERT vulnerability notes.
2005-08-11: Vendor issues updated packages as prior packages introduced various errors.
2005-08-22: Added link to US-CERT vulnerability note.
2005-08-30: Updated credits.
2005-09-28: Added CVE reference. Updated "Impact" and "Description" sections.
2005-11-21: Added patch information for Windows XP Embedded.

Original Advisory:
MS05-038 (KB896727):
http://www.microsoft.com/technet/security/Bulletin/MS05-038.mspx

NSFOCUS:
http://www.nsfocus.com/english/homepage/research/0502.htm

Other References:
Known problems when installing the cumulative update:
http://support.microsoft.com/kb/896727

US-CERT VU#965206:
http://www.kb.cert.org/vuls/id/965206

US-CERT VU#959049:
http://www.kb.cert.org/vuls/id/959049

US-CERT VU#680526:
http://www.kb.cert.org/vuls/id/680526

Change Page:
[ 1 ] [ 2 ] [ 3 ]

Track this Secunia Advisory

Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.

Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.

About this Secunia Advisory

Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.

Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.

Latest Advisories

9th Nov, 2009

New advisories:	6
New vulnerabilities:	23
Updated advisories:	66

Less // 426 views

Linux Kernel 2.4 Multiple Vulnerabilities

Not // 224 views

Debian update for pidgin

Less // 338 views

Sun Solaris mod_perl Two Vulnerabilities

Less // 260 views

Debian update for linux-2.6

Less // 221 views

Debian update for drupal6

Highly // 251 views

Debian update for nspr

6th Nov, 2009

New advisories:	17
New vulnerabilities:	65
Updated advisories:	21

Less // 448 views

Debian update for linux-2.6.24

Less // 431 views

Debian update for linux-2.6

Moderately // 390 views

Gentoo update for horde

Moderately // 422 views

Portili Products Multiple Vulnerabilities

Solutions | More...

Send Feedback to Secunia
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com. Ideas, suggestions, and other feedback are most welcome.