فا

‫ Microsoft Internet Explorer Multiple Vulnerabilities

IRCAD2011061251
ID:IRCAD2011061251
Release Date: 2011-06-15
Criticality level: Highly critical
Software:
Microsoft Internet Explorer 6.x
Microsoft Internet Explorer 7.x
Microsoft Internet Explorer 8.x
Microsoft Internet Explorer 9.x
Description:
Multiple vulnerabilities have been reported in Internet Explorer, which can be exploited by malicious people to disclose sensitive information and compromise a user's system.
1) An error when downloading certain content can be exploited to perform certain unexpected actions and disclose MIME information from a different domain or Internet Explorer zone.
2) A use-after-free error when handling link properties can be exploited to corrupt memory.
Successful exploitation of this vulnerability may allow execution of arbitrary code.
3) A use-after-free error when handling a DOM object can be exploited to corrupt memory.
Successful exploitation of this vulnerability may allow execution of arbitrary code.
4) An error within the "toStaticHTML()" function when sanitising certain strings can be exploited to disclose certain information.
5) A use-after-free error when handling drag and drop events on certain content can be exploited to corrupt memory.
Successful exploitation of this vulnerability allows execution of arbitrary code.
6) A use-after-free error when handling certain time elements can be exploited to corrupt memory.
Successful exploitation of this vulnerability allows execution of arbitrary code.
7) A use-after-free error when handling certain copy and paste operations on DOM objects can be exploited to corrupt memory.
Successful exploitation of this vulnerability may allow execution of arbitrary code.
8) An error when handling drag and drop events on certain content can be exploited to disclose information from another domain or Internet Explorer zone.
9) A use-after-free error when handling layouts can be exploited to corrupt memory.
Successful exploitation of this vulnerability allows execution of arbitrary code.
10) A use-after-free error within the selection objection can be exploited to corrupt memory.
Successful exploitation of this vulnerability allows execution of arbitrary code.
11) A use-after-free error when handling HTTP redirects can be exploited to corrupt memory.
Successful exploitation of this vulnerability may allow execution of arbitrary code.
Solution:
Apply patches.
References:
MS11-050 (KB2530548):
Secunia:

نظرات

بدون نظر
شما برای نظر دادن باید وارد شوید

نوشته

 
تاریخ ایجاد: 25 بهمن 1390

امتیاز

امتیاز شما
تعداد امتیازها: 0