Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Microsoft Internet Explorer Multiple Vulnerabilities

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Vulnerabilities

See the original Secunia advisory:
Microsoft Internet Explorer Multiple Vulnerabilities

Secunia Microsoft Internet Explorer Multiple Vulnerabilities
Secunia Official 10th Jul, 2010 12:48
Ranking: 0
Posts: 0
User Since: -
System Score: -
Location: Copenhagen, DK
Multiple vulnerabilities have been reported in Microsoft Internet Explorer, which can be exploited by malicious people to conduct cross-site scripting attacks or compromise a user's system.

1) An error in the sanitisation of HTML code within the "toStaticHTML()" method can be exploited to conduct cross-site scripting attacks and potentially disclose sensitive information.

Successful exploitation requires a web site that uses the "toStaticHTML" API.

This vulnerability only affects the Quirk rendering mode in Internet Explorer 8.

This vulnerability is related to vulnerability #2 in:
SA39603

2) An unspecified error exists when accessing an object that has not been correctly initialised or that has been deleted. This can be exploited to corrupt memory e.g. if a user visits a specially crafted web page.

3) An unspecified error exists when accessing an object that has not been correctly initialised or that has been deleted in the IE8 Developer Toolbar. This can be exploited to corrupt memory e.g. if a user visits a specially crafted web page and is enticed to press the F12 key in response to a prompt.

4) Another unspecified error exists when accessing an object that has not been correctly initialised or that has been deleted in the IE8 Developer Toolbar. This can be exploited to corrupt memory e.g. if a user visits a specially crafted web page and is enticed to press the F12 key in response to a prompt.

5) A use-after-free error exists in the implementation of the CStyleSheet object. This can be exploited to trigger the use of an invalid pointer if a stylesheet is created as part of an element that is not in a markup.

Successful exploitation of vulnerabilities #2 through #5 allows execution of arbitrary code.

amandajnmaui

RE: Microsoft Internet Explorer Multiple Vulnerabilities
[+]
This reply has been minimised due to a negative Relevancy Score.
thedillpickl RE: Microsoft Internet Explorer Multiple Vulnerabilities
Contributor 10th Jul, 2010 19:09
Score: 376
Posts: 872
User Since: 3rd May 2009
System Score: 100%
Location: US
Hi Amanda;

If you have a question about Internet Explorer or other programs, please start a new thread in "Create new thread" under "Programs".

The "Vulnerabilities" section is used to report vulnerabilities and responses to them by vendor/manufacturers, etc.


Fred

--
XP Home
Chrome, Firefox, IE8
--
consilio et animis
Was this reply relevant?
+3
-0

tiguelin1

RE: Microsoft Internet Explorer Multiple Vulnerabilities [B]
[+]
This reply has been minimised due to a negative Relevancy Score.
thedillpickl RE: Microsoft Internet Explorer Multiple Vulnerabilities
Contributor 7th Jan, 2011 15:17
Score: 376
Posts: 872
User Since: 3rd May 2009
System Score: 100%
Location: US
tiguelin1;

Si tiene alguna pregunta acerca de Internet Explorer u otros programas, tiene que iniciar un nuevo tema en "hilo Crear un nuevo" bajo "programas ".

Las "vulnerabilidades" sección se utiliza para informar las vulnerabilidades y las respuestas a ellos por el proveedor y / o fabricantes, etc


Fred

--
XP Home
Chrome, Firefox, IE8
--
consilio et animis
Was this reply relevant?
+3
-0


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability