Microsoft Internet Explorer Multiple Vulnerabilities

ID: IRCAD2012061982
Release Date: 2012-06-12
Criticality level: Highly critical
 
Software:
Microsoft Internet Explorer 6.x
Microsoft Internet Explorer 7.x
Microsoft Internet Explorer 8.x
Microsoft Internet Explorer 9.x
 
Description:
Multiple vulnerabilities have been reported in Internet Explorer, which can be exploited by malicious people to disclose sensitive information, conduct cross-site scripting attacks, and compromise a user's system.
1) An error when handling the "Center" element can be exploited to access an already deleted object and corrupt memory.
Successful exploitation of this vulnerability allows execution of arbitrary code.
2) An unspecified error in the "toStaticHTML" API when sanitising HTML code can be exploited to execute arbitrary HTML and script code in the user's browser session in the context of a targeted site.
3) An error when handling EUC-JP character encoding can be exploited to execute arbitrary HTML and script code in the user's browser session in the context of a targeted site.
4) An unspecified error when processing NULL bytes can be exploited to disclose content from the process memory.
5) An unspecified error within the developer toolbar can be exploited to access an already deleted object and corrupt memory.
Successful exploitation of this vulnerability allows execution of arbitrary code.
6) An error when handling the "Same ID" property can be exploited to access an already deleted object and corrupt memory.
Successful exploitation of this vulnerability allows execution of arbitrary code.
7) An error when handling the "Col" element can be exploited to access a nonexistent object and corrupt memory.
Successful exploitation of this vulnerability allows execution of arbitrary code.
8) An error when handling the "Title" element can be exploited to access an already deleted object and corrupt memory.
Successful exploitation of this vulnerability allows execution of arbitrary code.
9) An error when handling the "OnBeforeDeactivate" event can be exploited to access an already deleted object and corrupt memory.
Successful exploitation of this vulnerability allows execution of arbitrary code.
10) An error when handling the "insertAdjacentText" method can be exploited to access undefined memory and corrupt memory.
Successful exploitation of this vulnerability allows execution of arbitrary code.
11) An error when handling the "insertRow" method can be exploited to access an already deleted object and corrupt memory.
Successful exploitation of this vulnerability allows execution of arbitrary code.
12) An error when handling the "OnRowsInserted" event can be exploited to access an already deleted object and corrupt memory.
Successful exploitation of this vulnerability allows execution of arbitrary code.
13) An error within the handling of the "Scrolling" event can be exploited to disclose information from another domain or Internet Explorer zone.
 
 
 
Solution:
Apply patches.
 
Windows XP Service Pack 3
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows XP Service Pack 3
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for Itanium-based Systems Service Pack 2
Windows XP Service Pack 3
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows 7 for 32-bit Systems
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for Itanium-based Systems
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows 7 for 32-bit Systems
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems
Windows Server 2008 R2 for x64-based Systems Service Pack 1
 
 
References:
MS12-037 (KB2699988)
 
Secunia:
 

Date created: 24 Khordad 1391