Secunia

Some vulnerabilities have been reported in Internet Explorer, which can be exploited by malicious people to conduct phishing attacks and compromise a user's system.

1) A memory corruption error within the decoding of specially crafted UTF-8 encoded HTML can be exploited to execute arbitrary code when a user e.g. visits a malicious web site.

2) A memory corruption error within the DXImageTransform.Microsoft.Light ActiveX control's parameter validation can be exploited to execute arbitrary code when a user e.g. visits a malicious web site.

3) An error within the way certain COM objects, which are not meant to be instantiated in Internet Explorer, are instantiated can be exploited to execute arbitrary code when e.g. a malicious web site is visited.

4) An error allows spoofing of the information in the address bar and other parts of the trust UI, which can be exploited to conduct phishing attacks.

5) A memory corruption error in the way multipart HTML (.mht) is saved can be exploited to execute arbitrary code if a user is tricked into saving a specially crafted web page as multipart HTML.

Solution
Apply patches.
Further details available in Customer Area

Provided and/or discovered by
1) Discovered by an anonymous person and reported via Zero Day Initiative.
2) The vendor credits Will Dormann, CERT/CC.
3) Discovered by an anonymous person and reported via Zero Day Initiative
The vendor also credits HD Moore, Metasploit Project.
4) The vendor credits Yorick Koster of ITsec Security Services and hoshikuzu star_dust.
5) The vendor credits John Jones of DISC, State of Kansas.

Changelog
Further details available in Customer Area

Original Advisory
MS06-021 (KB916281):
http://www.microsoft.com/technet/security/Bulletin/MS06-021.mspx

ZDI:
http://www.zerodayinitiative.com/advisories/ZDI-06-017.html
http://www.zerodayinitiative.com/advisories/ZDI-06-018.html

Other references
Further details available in Customer Area

Deep Links
Links available in Customer Area