Microsoft Internet Explorer Multiple Vulnerabilities - Advisories

Software Inspectors

	Scan Online

	Personal (PSI)

	Network (NSI 2.0)

Solutions For

	Security Professionals

	Security Vendors

Free Solutions For

	Open Communities

	Journalists & Media

Secunia Advisories

	Search

	Historic Advisories

	Listed By Product

	Listed By Vendor

	Statistics / Graphs

	Secunia Research

	Report Vulnerability

	About Advisories

Virus Information

	Chronological List

	Last 10 Virus Alerts

	About Virus Information

Secunia Customers

	Customer Area

Microsoft Internet Explorer Multiple Vulnerabilities

Secunia Advisory:	SA28903
Release Date:	2008-02-12
Last Update:	2008-02-14

Critical:	Highly critical
Impact:	System access
Where:	From remote
Solution Status:	Vendor Patch

Software:	Microsoft Internet Explorer 5.01 Microsoft Internet Explorer 6.x Microsoft Internet Explorer 7.x

CVE reference:	CVE-2008-0076 (Secunia mirror) CVE-2008-0077 (Secunia mirror) CVE-2008-0078 (Secunia mirror)

	Want to know the next time vulnerabilities are fixed in this product? - Companies can be alerted via email and SMS!

Description: Some vulnerabilities have been reported in Internet Explorer, which can be exploited by malicious people to compromise a user's system. 1) An error in the way HTML with certain layout combinations is interpreted can be exploited to corrupt memory via a specially crafted web page. 2) An error in the way the "by" property of an "animateMotion" SVG element is handled can be exploited to corrupt memory via a specially crafted web page assigning other DOM elements to the property. 3) An error in the argument validation when processing images can be exploited to corrupt memory via a specially crafted web page. Successful exploitation of the vulnerabilities may allow execution of arbitrary code. Do you have this product installed on your home computer? Scan using the free Personal Software Inspector. Check if a vulnerable version is installed on computers in your corporate network, using the Network Software Inspector. Solution: Apply patches. Windows 2000 SP4 and Internet Explorer 5.01 SP4: http://www.microsoft.com/downloads/de...=1032A039-468B-4C5F-8C1C-5E54C2832E41 Windows 2000 SP4 and Internet Explorer 6 SP1: http://www.microsoft.com/downloads/de...=87E66DCE-5060-4814-8754-829B4E190359 Windows XP SP2 and Internet Explorer 6: http://www.microsoft.com/downloads/de...=BB2AA3CB-021F-4890-AB20-2A51F8E17554 Windows XP Professional x64 Edition (optionally with SP2) and Internet Explorer 6: http://www.microsoft.com/downloads/de...=8989F576-8B30-4866-90EC-929D24F3B409 Windows Server 2003 SP1/SP2 and Internet Explorer 6: http://www.microsoft.com/downloads/de...=429B7ED1-FE78-459A-B834-D0F3C69CB703 Windows Server 2003 x64 Edition (optionally with SP2) and Internet Explorer 6: http://www.microsoft.com/downloads/de...=E989E23C-38BB-4FE7-A830-D7BDF7659392 Windows Server 2003 with SP1/SP2 for Itanium-based systems and Internet Explorer 6: http://www.microsoft.com/downloads/de...=5A097F7A-B696-48D0-B13F-337C5FD14E24 Windows XP SP2 and Internet Explorer 7: http://www.microsoft.com/downloads/de...=D4AA293A-6332-4C6C-B128-876F516BD030 Windows XP Professional x64 Edition (optionally with SP2) and Internet Explorer 7: http://www.microsoft.com/downloads/de...=B72AF1B6-6E23-4005-AEF6-82195B380153 Windows Server 2003 SP1/SP2 and Internet Explorer 7: http://www.microsoft.com/downloads/de...=B2AA6562-881E-4FD6-BE1B-53426A0FF4A9 Windows Server 2003 x64 Edition (optionally with SP2) and Internet Explorer 7: http://www.microsoft.com/downloads/de...=4BB99AFC-BE14-4F2E-9570-B7FE09E39131 Windows Server 2003 with SP1/SP2 for Itanium-based systems and Internet Explorer 7: http://www.microsoft.com/downloads/de...=6FA80E2C-5E91-4B33-ACD9-33F156660AE7 Windows Vista and Internet Explorer 7: http://www.microsoft.com/downloads/de...=0DE25B98-F443-4874-A06F-4DAAE14C16B0 Windows Vista x64 Edition and Internet Explorer 7: http://www.microsoft.com/downloads/de...=C08EBBE7-639B-4EA2-8304-FAB531930ABF Provided and/or discovered by: 1) The vendor credits Shane Macaulay and Riley Hassell, Security Objectives. 2) Reported independently by: * an anonymous person via ZDI * hyy via iDefense 3) The vendor credits Venustech of ADLABS. Changelog: 2008-02-13: Added additional information from ZDI and iDefense. 2008-02-14: Added link to US-CERT. Original Advisory: MS08-010 (KB944533): http://www.microsoft.com/technet/security/Bulletin/MS08-010.mspx ZDI: http://www.zerodayinitiative.com/advisories/ZDI-08-006.html iDefense: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=661 Other References: US-CERT VU#228569: http://www.kb.cert.org/vuls/id/228569



Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise. Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.

140 Related Secunia Security Advisories, displaying 10

1. Internet Explorer "DisableCachingOfSSLPages" Weakness

2. Internet Explorer "Print Table of Links" Cross-Zone Scripting

3. Internet Explorer HTTP Request Smuggling/Splitting Vulnerabilities

4. Internet Explorer FTP Command Injection Vulnerability

5. Internet Explorer Multiple Code Execution Vulnerabilities

6. Microsoft Web Proxy Auto-Discovery Feature Security Issue

7. Internet Explorer Data Stream Handling Vulnerability

8. Internet Explorer Unspecified Address Bar Spoofing Vulnerability

9. Internet Explorer "OnKeyDown" Event Focus Weakness

10. Microsoft Internet Explorer FTP Credentials Exposure

Show all related advisories

Send Feedback to Secunia

If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com. Ideas, suggestions, and other feedback are most welcome.

Secunia PSI
Scan | Patch | Track
Free Download

Secunia Poll

Most Popular Advisories

1.	Kostenloses Linkmanagements cript Multiple Vulnerabilities

2.	Model Search "cat" SQL Injection Vulnerability

3.	Drupal Site Documentation Module Information Disclosure

4.	W1L3D4 Philboard Multiple SQL Injection Vulnerabilities

5.	Oracle Application Server Portal Authentication Bypass

6.	Interspire ActiveKB Admin Interface Cookie Security Bypass

7.	Rantx "logininfo" Security Bypass Vulnerability

8.	Pet Grooming Management System "useradded.php" Security Bypass

9.	e107 BLOG Engine Plugin "rid" SQL Injection

10.	Linux Kernel Multiple Vulnerabilities