Microsoft Security Bulletin MS06-004:
Cumulative Security Update for Internet Explorer (910620)
Bulletin URL:
<http://www.microsoft.com/technet/security/Bulletin/MS06-004.mspx>
Version Number: 1.0
Issued Date: Tuesday, February 14, 2006
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Patch(es) Replaced: This update replaces the update that is included
with Microsoft Security Bulletin MS05-054. That update is also a
cumulative update.
Caveats: Microsoft Knowledge Base Article 910620 documents the currently
known issues that customers may experience when they install this
security update. The article also documents recommended solutions for
these issues. For more information, see Microsoft Knowledge Base Article
910620. This update does include hotfixes that have been released since
the release of MS04-004 and MS04-025, but they will only be installed on
systems that need them. Customers who have received hotfixes from
Microsoft or from their support providers since the release of MS04-004
or MS04-025 should review the 'I have received a hotfix from Microsoft
or my support provider since the release of MS04-004. Is that hotfix
included in this security update?' question in the FAQ section of this
bulletin to determine how you can make sure that the necessary hotfixes
are installed. Microsoft Knowledge Base Article 910620 also documents
this in more detail.
Tested Software:
Affected Software:
------------------
* Microsoft Windows 2000 Service Pack 4
* Internet Explorer 5.01 Service Pack 4 on Windows 2000 (all versions)
Affected Components:
--------------------
* Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000
Service Pack 4
<http://tinyurl.com/danx9>
Technical Description:
----------------------
* WMF Image Parsing Memory Corruption Vulnerability - CVE-2006-0020: A
remote code execution vulnerability exists in Internet Explorer because
of the way that it handles Windows Metafile (WMF) images. An attacker
could exploit the vulnerability by constructing a specially crafted WMF
image that could potentially allow remote code execution if a user
visited a malicious Web site, opened or previewed an e-mail message, or
opened a specially crafted attachment in e-mail. An attacker who
successfully exploited this vulnerability could take complete control of
an affected system. Note that this vulnerability in Internet Explorer is
separate from the vulnerabilities addressed in Windows in MS05-053 and
MS06-001.
This email is sent to NTBugtraq automagically as a service to my
subscribers. (v4.01.2194.14842)
Cheers,
Russ Cooper - Senior Scientist - Cybertrust/NTBugtraq Editor
--
NTBugtraq Editor's Note:
Most viruses these days use spoofed email addresses. As such, using an
Anti-Virus product which automatically notifies the perceived sender of a
message it believes is infected may well cause more harm than good. Someone who
did not actually send you a virus may receive the notification and scramble
their support staff to find an infection which never existed in the first
place. Suggest such notifications be disabled by whomever is responsible for
your AV, or at least that the idea is considered.
--
