Secunia

Microsoft has issued a cumulative patch for Internet Explorer, which fixes the following four vulnerabilities:

1) A boundary error exists in "urlmon.dll" because certain parameters are checked incorrectly. A malicious person can exploit this to cause a buffer overflow on a user's system and execute arbitrary code with the privileges of the user by constructing a speciel web page and trick a user into visiting it.

2) An information disclosure vulnerability exists in the file upload control caused by a flaw in the way incoming requests for file uploads are handled. This allows input to be passed to the vulnerable control without user interaction. A malicious person can exploit this to retrieve arbitrary files from a user's system by constructing a malicious web page and luring the user into visiting it.

Successful exploitation requires that the requested file is not in use and that the malicious person knows the exact location of the file on the user's system.

3) An input validation error exists in a method for invoking third party plug-ins. The problem is that parameters of the URL used to reference a third party file type is not checked properly. A malicious person can exploit this to execute arbitrary script code on a user's system in the local computer zone by constructing a web page containing a specially crafted link to a third party file.

4) An information disclosure vulnerability exists in the way modal dialogs are rendered. Specifically, the vulnerability is caused by an input validation error because a parameter in the Cascading Style Sheet input parameter for modal dialogs is not checked properly. A malicious person can exploit this to read arbitrary files on a user's system by contructing a special web page and luring the user into visiting it.

Successful exploitation requires that the malicious person knows the exact location of the file on the user's system.

It is also possible to exploit the described vulnerabilities automatically in an email-borne attack when a user views a malicious email. However, this is not possible if the user is viewing the email in Outlook Express 6.0 or Outlook 2002 in their default configurations, or Outlook 98 or Outlook 2000 in conjunction with the Outlook Email Security Update.

NOTE: The released patch also sets the Kill Bit on the ActiveX control "plugin.ocx" and includes a fix for Internet Explorer 6.0 SP1, which corrects the way help information is displayed in the local computer zone.

Solution
Apply patch manually or via Windows Update:
Further details available in Customer Area

Provided and/or discovered by
Microsoft credits the following:
Mark Litchfield, Andreas Sandblad and Jouko Pynnönen.

Original Advisory
http://www.microsoft.com/technet/security/bulletin/MS03-015.asp

Deep Links
Links available in Customer Area