Forum Thread: Microsoft Internet Explorer Multiple Vulnerabilities

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Vulnerabilities

See the original Secunia advisory:
Microsoft Internet Explorer Multiple Vulnerabilities

Secunia Microsoft Internet Explorer Multiple Vulnerabilities
Secunia Official 10th Jul, 2010 12:48
Ranking: 0
Posts: 0
User Since: -
System Score: -
Location: Copenhagen, DK
Multiple vulnerabilities have been reported in Microsoft Internet Explorer, which can be exploited by malicious people to conduct cross-site scripting attacks or compromise a user's system.

1) An error in the sanitisation of HTML code within the "toStaticHTML()" method can be exploited to conduct cross-site scripting attacks and potentially disclose sensitive information.

Successful exploitation requires a web site that uses the "toStaticHTML" API.

This vulnerability only affects the Quirk rendering mode in Internet Explorer 8.

This vulnerability is related to vulnerability #2 in:
SA39603

2) An unspecified error exists when accessing an object that has not been correctly initialised or that has been deleted. This can be exploited to corrupt memory e.g. if a user visits a specially crafted web page.

3) An unspecified error exists when accessing an object that has not been correctly initialised or that has been deleted in the IE8 Developer Toolbar. This can be exploited to corrupt memory e.g. if a user visits a specially crafted web page and is enticed to press the F12 key in response to a prompt.

4) Another unspecified error exists when accessing an object that has not been correctly initialised or that has been deleted in the IE8 Developer Toolbar. This can be exploited to corrupt memory e.g. if a user visits a specially crafted web page and is enticed to press the F12 key in response to a prompt.

5) A use-after-free error exists in the implementation of the CStyleSheet object. This can be exploited to trigger the use of an invalid pointer if a stylesheet is created as part of an element that is not in a markup.

Successful exploitation of vulnerabilities #2 through #5 allows execution of arbitrary code.

amandajnmaui

RE: Microsoft Internet Explorer Multiple Vulnerabilities
[+]
This reply has been minimised due to a negative Relevancy Score.
thedillpickl RE: Microsoft Internet Explorer Multiple Vulnerabilities
Contributor 10th Jul, 2010 19:09
Score: 376
Posts: 872
User Since: 3rd May 2009
System Score: 100%
Location: US
Hi Amanda;

If you have a question about Internet Explorer or other programs, please start a new thread in "Create new thread" under "Programs".

The "Vulnerabilities" section is used to report vulnerabilities and responses to them by vendor/manufacturers, etc.


Fred

--
XP Home
Chrome, Firefox, IE8
--
consilio et animis
Was this reply relevant?
+3
-0

tiguelin1

RE: Microsoft Internet Explorer Multiple Vulnerabilities [B]
[+]
This reply has been minimised due to a negative Relevancy Score.
thedillpickl RE: Microsoft Internet Explorer Multiple Vulnerabilities
Contributor 7th Jan, 2011 15:17
Score: 376
Posts: 872
User Since: 3rd May 2009
System Score: 100%
Location: US
tiguelin1;

Si tiene alguna pregunta acerca de Internet Explorer u otros programas, tiene que iniciar un nuevo tema en "hilo Crear un nuevo" bajo "programas ".

Las "vulnerabilidades" sección se utiliza para informar las vulnerabilidades y las respuestas a ellos por el proveedor y / o fabricantes, etc


Fred

--
XP Home
Chrome, Firefox, IE8
--
consilio et animis
Was this reply relevant?
+3
-0