Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Exploits-HackingTools
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[NT] Cumulative Security Update for Internet Explorer (MS06-042)

from [SecuriTeam] Network Security [Permanent Link]
Subject: [NT] Cumulative Security Update for Internet Explorer (MS06-042)
Date: 9 Aug 2006 17:11:23 +0200 
The following security advisory is sent to the securiteam mailing list, and can 
be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

The SecuriTeam alerts list - Free, Accurate, Independent.

Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html 

- - - - - - - - -



  Cumulative Security Update for Internet Explorer (MS06-042)
------------------------------------------------------------------------


SUMMARY

Multiple security vulnerabilities have been discovered in Internet 
Explorer, these vulnerabilities allow a remote attacker to disclose 
sensitive information about the remote host, corrupt memory which in turn 
causes execution of code and cause cross domain injections.

DETAILS

Affected Software:
Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 
2
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service 
Pack 1
Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft 
Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition

Tested Microsoft Windows Components:
Affected Components:
Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service 
Pack 4 -  
<http://www.microsoft.com/downloads/details.aspx?FamilyId=0DE3F143-19A6-4F22-B53B-B6A7DA33DAF4>
 Download the update
Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 
4 or on Microsoft Windows XP Service Pack 1 -  
<http://www.microsoft.com/downloads/details.aspx?FamilyId=B5F17679-3AA5-4D66-A81E-F990FD0B48D2>
 Download the update
Internet Explorer 6 for Microsoft Windows XP Service Pack 2 -  
<http://www.microsoft.com/downloads/details.aspx?FamilyId=CDB85BCA-0C17-44AA-B74E-F01B5392BB31>
 Download the update
Internet Explorer 6 for Microsoft Windows Server 2003 and Microsoft 
Windows Server 2003 Service Pack 1 -  
<http://www.microsoft.com/downloads/details.aspx?FamilyId=20288DA2-A308-45C6-BD80-C68C997529BD>
 Download the update
Internet Explorer 6 for Microsoft Windows Server 2003 for Itanium-based 
Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based 
Systems -  
<http://www.microsoft.com/downloads/details.aspx?FamilyId=663F1E83-BDC0-4EC6-A263-398E7222C9B5>
 Download the update
Internet Explorer 6 for Microsoft Windows Server 2003 x64 Edition -  
<http://www.microsoft.com/downloads/details.aspx?FamilyId=5C2A23AC-3F2E-4BEC-BE16-4B45B44C6346>
 Download the update
Internet Explorer 6 for Microsoft Windows XP Professional x64 Edition -  
<http://www.microsoft.com/downloads/details.aspx?FamilyId=0CE7F66D-4D83-4090-A034-9BBE286D96FA>
 Download the update

Redirect Cross-Domain Information Disclosure Vulnerability - 
CVE-2006-3280:
An information disclosure vulnerability exists in Internet Explorer in the 
way that a redirect is handled. An attacker could exploit the 
vulnerability by constructing a specially crafted Web page that could 
allow for information disclosure if a user viewed the Web page. An 
attacker who successfully exploited this vulnerability could read file 
data from a Web page in another Internet Explorer domain. This other Web 
page must use gzip encoding or some other compression type supported by 
Internet Explorer for any information disclosure to occur. This other Web 
page must also be cached on the client side for a successful exploit.

HTML Layout and Positioning Memory Corruption Vulnerability - 
CVE-2006-3450:
A remote code execution vulnerability exists in the way Internet Explorer 
interprets HTML with certain layout positioning combinations. An attacker 
could exploit the vulnerability by constructing a specially crafted Web 
page that could potentially allow remote code execution if a user viewed 
the Web page. An attacker who successfully exploited this vulnerability 
could take complete control of an affected system.

CSS Memory Corruption Vulnerability - CVE-2006-3451:
A remote code execution vulnerability exists in the way Internet Explorer 
handles chained Cascading Style Sheets (CSS). An attacker could exploit 
the vulnerability by constructing a specially crafted Web page that could 
potentially allow remote code execution if a user viewed the Web page. An 
attacker who successfully exploited this vulnerability could take complete 
control of an affected system.

HTML Rendering Memory Corruption Vulnerability - CVE-2006-3637:
A remote code execution vulnerability exists in the way Internet Explorer 
interprets HTML with certain layout combinations. An attacker could 
exploit the vulnerability by constructing a specially crafted Web page 
that could potentially allow remote code execution if a user viewed the 
Web page. An attacker who successfully exploited this vulnerability could 
take complete control of an affected system.

COM Object Instantiation Memory Corruption Vulnerability - CVE-2006-3638:
A remote code execution vulnerability exists in the way Internet Explorer 
instantiates COM objects that are not intended to be instantiated in 
Internet Explorer. An attacker could exploit the vulnerability by 
constructing a specially crafted Web page that could potentially allow 
remote code execution if a user viewed the Web page. An attacker who 
successfully exploited this vulnerability could take complete control of 
an affected system.

Source Element Cross-Domain Vulnerability - CVE-2006-3639:
A remote code execution and information disclosure vulnerability exists in 
Internet Explorer in the way that a redirect is handled. An attacker could 
exploit the vulnerability by constructing a specially crafted Web page 
that could allow for information disclosure if a user viewed the Web page. 
An attacker who successfully exploited this vulnerability could read file 
data from a Web page in another Internet Explorer domain.

On Windows 2000 Service Pack 4 and Windows XP Service Pack 1 an attacker 
could exploit the vulnerability by constructing a specially crafted Web 
page that could potentially allow remote code execution if a user viewed 
the Web page. An attacker who successfully exploited this vulnerability 
could take complete control of an affected system.


Window Location Information Disclosure Vulnerability - CVE-2006-3640:
An information disclosure vulnerability exists in Internet Explorer where 
script can be persisted across navigations and used to gain access to the 
location of a Window in another domain or Internet Explorer zone. An 
attacker could exploit the vulnerability by constructing a specially 
crafted Web page that could allow for information disclosure if a user 
viewed the Web page. An attacker who successfully exploited this 
vulnerability could gain access to the Window location of a Web page in 
another domain or Internet Explorer zone.

FTP Server Command Injection Vulnerability - CVE-2004-1166:
An elevation of privilege vulnerability exists in the way Internet 
Explorer handles specially crafted FTP links that contain line feeds. An 
attacker could exploit the vulnerability by constructing a specially 
crafted Web page that could potentially allow the attacker to issue FTP 
server commands if a user clicked on an FTP link. An attacker who 
successfully exploited this vulnerability could issue server commands as 
the user to servers.


ADDITIONAL INFORMATION

The information has been provided by Microsoft Product Security.
The original article can be found at:  
<http://www.microsoft.com/technet/security/Bulletin/MS06-042.mspx> 
http://www.microsoft.com/technet/security/Bulletin/MS06-042.mspx



======================================== 


This bulletin is sent to members of the SecuriTeam mailing list. 
To unsubscribe from the list, send mail with an empty subject line and body to: 
list-unsubscribe@securiteam.com 
In order to subscribe to the mailing list, simply forward this email to: 
list-subscribe@securiteam.com 


==================== 
==================== 

DISCLAIMER: 
The information in this bulletin is provided "AS IS" without warranty of any 
kind. 
In no event shall we be liable for any damages whatsoever including direct, 
indirect, incidental, consequential, loss of business profits or special 
damages.
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [NT] Cumulative Security Update for Internet Explorer (MS06-042), SecuriTeam <=
Previous by Date:  [NT] Vulnerabilities in DNS Resolution Allows Code Execution (MS06-041), SecuriTeam
Next by Date:  [NT] Vulnerability in Microsoft Management Console Allows Code Execution (MS06-044), SecuriTeam
Previous by Thread:  [NT] Vulnerabilities in DNS Resolution Allows Code Execution (MS06-041), SecuriTeam
Next by Thread:  [NT] Vulnerability in Microsoft Management Console Allows Code Execution (MS06-044), SecuriTeam
Indexes:  [Date] [Thread] [Top] [All Lists]