|
Internet Explorer flere sårbarheder
|
|
|
|
|
Secunia Advisory:
|
SA24156
|
|
|
Udsendt:
|
2007-02-13
|
|
Sidste Opdt.:
|
2007-02-20
|
|
|
Kritisk:
|
Meget kritisk
|
|
Betydning:
|
Systemadgang
|
|
Hvor:
|
Fra Internet
|
|
Løsning Status:
|
Producent Patch
|
|
| Software: | Microsoft Internet Explorer 5.01
Microsoft Internet Explorer 6.x
Microsoft Internet Explorer 7.x
|
| | CVE reference: | CVE-2006-4697 (Secunia mirror)
CVE-2007-0217 (Secunia mirror)
CVE-2007-0219 (Secunia mirror)
|
|
|
Want to know the next time vulnerabilities are fixed in this product?
- Companies can be alerted via email and SMS! |
|
|
Beskrivelse:
Der er rapporteret nogle sårbarheder i Internet Explorer, som kan udnyttes af ondsindede personer til at kompromittere en brugers system.
1) En fejl under instantieringen af COM-objekter (Imjpcksid.dll og Imjpskdic.dll), der ikke burde instantieres i Internet Explorer kan udnyttes til at korrumpere hukommelsen.
2) En anden fejl under instantieringen af COM-objekter (Msb1fren.dll, Htmlmm.ocx og Blnmgrps.dll), der ikke burde instantieres i Internet Explorer kan udnyttes til at korrumpere hukommelsen.
3) En off-by-one fejl i wininet.dll under fortolkningen af besvarelser fra FTP-servere kan udnyttes til at korrumpere hukommelsen via specielt udformede besvarelser sendt til FTP-klienten i Internet Explorer.
Succesfuld udnyttelse af sårbarhederne muliggør eksekvering af vilkårlig kode.
Do you have this product installed on your home computer? Scan using the free Personal Software Inspector. Check if a vulnerable version is installed on computers in your corporate network, using the Network Software Inspector.
Løsning:
Installér patches.
Internet Explorer 5.01 SP4 på Windows 2000 SP4:
http://www.microsoft.com/downloads/de...=2D83EFCE-E507-4AFF-AB9B-EAF1D0D6320D
Internet Explorer 6 SP1 installeret på Windows 2000 SP4:
http://www.microsoft.com/downloads/de...=D9E4181A-05F9-4186-BDCA-C95351983844
Internet Explorer 6 for Windows XP SP2:
http://www.microsoft.com/downloads/de...=D4038DC1-8AF6-4BEA-82B8-EACCFF4CDB28
Internet Explorer 6 for Windows XP Professional x64 Edition:
http://www.microsoft.com/downloads/de...=D6EEEA2C-785E-4DEF-913E-7F121556554F
Internet Explorer 6 for Windows Server 2003 (eventuelt med SP1):
http://www.microsoft.com/downloads/de...=C6BCBE07-39C1-4705-A10D-019DA3F997E5
Internet Explorer 6 for Windows Server 2003 for Itanium-baserede systemer (eventuelt med SP1):
http://www.microsoft.com/downloads/de...=6476A14B-0D00-4F55-A438-E140E9D26849
Internet Explorer 6 for Windows Server 2003 x64 Edition:
http://www.microsoft.com/downloads/de...=C18DB204-0F2C-4DD4-B29C-0938FF1BFD7B
Internet Explorer 7 for Windows XP SP2:
http://www.microsoft.com/downloads/de...=EE851EFD-2CAF-41CE-A423-E1827DE318DF
Internet Explorer 7 for Windows XP Professional x64 Edition:
http://www.microsoft.com/downloads/de...=AC084BBB-084D-47AC-BFDA-156E34A63817
Internet Explorer 7 for Windows Server 2003 SP1:
http://www.microsoft.com/downloads/de...=36DAE010-AD1F-4E77-A353-9AFA41F065EA
Internet Explorer 7 for Windows Server 2003 SP1 for Itanium-baserede systemer:
http://www.microsoft.com/downloads/de...=631B590D-98CE-440D-B588-88CC31BB9370
Internet Explorer 7 for Windows Server 2003 x64 Edition:
http://www.microsoft.com/downloads/de...=A05D1E57-6678-4C25-B5E2-98F18BAA454B
Rapporteret af / Kredit:
1) Rapporteret af producenten.
2) Producenten krediterer H D Moore, BreakingPoint Systems.
3) Greg MacManus, iDefense Labs.
Forløb:
14-02-2007: Tilføjede link til US-CERT.
15-02-2007: Tilføjede link til US-CERT.
20-02-2007: Tilføjede link til US-CERT.
Original Advisory:
MS07-016 (KB928090):
http://www.microsoft.com/technet/security/Bulletin/MS07-016.mspx
iDefense Labs:
labs.idefense.com/intelligence/vulnerabilities/display.php?id=473
Andre Kilder:
US-CERT VU#613564:
http://www.kb.cert.org/vuls/id/613564
US-CERT VU#753924:
http://www.kb.cert.org/vuls/id/753924
US-CERT VU#771788:
http://www.kb.cert.org/vuls/id/771788
|
|
|
|
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
|
134 Relaterede Secunia Advisories, displaying 10
|
|
|
1. Internet Explorer flere sårbarheder
|
|
2. Microsoft "Web Proxy Auto-Discovery" feature sikkerhedsproblem
|
|
3. Internet Explorer uspecificeret addressbar-spoofing
|
|
4. Internet Explorer "OnKeyDown" fokus-svaghed
|
|
5. Microsoft Internet Explorer afsløring af FTP login-oplysninger
|
|
6. Microsoft Internet Explorer flere sårbarheder
|
|
7. Microsoft Windows Vector Markup Language buffer overflow
|
|
8. Internet Explorer "document.open()" adressebar-spoofing
|
|
9. Microsoft Internet Explorer 7 HTTP Basic Authentication IDN-spoofing
|
|
10. Internet Explorer flere sårbarheder
|
Vis alle relaterede advisories
|
|
|
Send Feedback to Secunia
|
|
Hvis du har ny information angående dette Secunia advisory eller et produkt i vores database, så send det venligst til os. Du kan sende det til os enten ved at bruge vores web formular eller ved at sende det til vuln@secunia.com.
Ideer, foreslag og andet feedback er også meget velkommen.
|
|
|
|
