Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
|
|
|
|
|
|
|
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
|
|
|
|
Become a Partner and License Our Database or Notification Service
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Microsoft Internet Explorer Data Stream Processing Bug Lets Remote Users Execute Arbitrary Code
|
|
SecurityTracker Alert ID: 1019801
|
|
SecurityTracker URL: http://securitytracker.com/id?1019801
|
|
CVE Reference: CVE-2008-1085
(Links to External Site)
|
Updated: Apr 23 2008
|
Original Entry Date: Apr 8 2008
|
Impact: Execution of arbitrary code via network, User access via network
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Advisory: Microsoft Security Bulletin
|
Version(s): 5.01 SP4, 6 SP1, 7; and prior service packs
|
Description: A vulnerability was reported in Microsoft Internet Explorer (IE). A remote user can cause arbitrary code to be executed on the target user's system.
A remote user can create specially crafted HTML that, when loaded by the target user, will trigger a memory error in the processing
of data streams and execute arbitrary code on the target system. The code will run with the privileges of the target user.
This
can be triggered by, for example, an unexpected MIME-type for which there is no handler registered on the target user's system.
Carsten
Eiram of Secunia reported this vulnerability.
|
Impact: A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system.
|
Solution: The vendor has issued the following fixes:
Internet Explorer 5.01 and Internet Explorer 6 Service Pack 1, Microsoft Windows 2000
Service Pack 4, Microsoft Internet Explorer 5.01 Service Pack 4:
http://www.microsoft.com/downloads/details.aspx?FamilyId=B051AE04-FE81-440D-9136-D6B239CA954E
Inter
net Explorer 5.01 and Internet Explorer 6 Service Pack 1,
Microsoft Windows 2000 Service Pack 4, Microsoft Internet Explorer 6
Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?FamilyId=75D2DC78-E3A4-4FF6-9E2D-BF1935003E8E
Microsoft Internet
Explorer 6, Windows XP Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=36C641AD-953F-4B09-BA1C-9C383295E180
Microsoft
Internet Explorer 6, Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?Family
Id=85BEACC0-8CA2-4DED-9C24-23348D05C735
Microsoft Internet Explorer 6, Windows Server 2003 Service Pack 1 and Windows Server
2003 Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=0444B76E-93FA-43C2-B1BC-A5C054529EB5
Microsoft
Internet Explorer 6, Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=5EBB5
EF9-615F-4CAB-BAC5-6F45F1B94952
Microsoft Internet Explorer 6, Windows Server 2003 with SP1 for Itanium-based Systems and Windows
Server 2003 with SP2 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?FamilyId=63DA8040-FDA2-42C7-8543-26AD6F9811F2
Windows
Internet Explorer 7, Windows XP Service Pack 2 and Windows XP Service Pack 3:
http://www.microsoft.com/downloads/details.aspx?FamilyId=E771EFE8-8881-4F23-B5B0-15651A39
0BA9
Windows Internet Explorer 7, Windows XP Professional x64 Edition, Windows XP Professional x64 Edition Service Pack 2, and
and Windows XP Professional x64 Edition Service Pack 3:
http://www.microsoft.com/downloads/details.aspx?FamilyId=9364BF81-6505-4788-958D-A4BD29DC98AD
Windows
Internet Explorer 7, Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=9ACD2A03-5530-
49C8-9EA1-0BFAF259700D
Windows Internet Explorer 7, Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service
Pack 2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=A9E406AA-33E2-49B8-AB54-4A7328E46147
Windows Internet Explorer
7, Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?F
amilyId=75A05D3A-92A0-4A00-95D4-E2B2F6755180
Windows Internet Explorer 7, Windows Vista and Windows Vista Service Pack 1:
http://www.microsoft.com/downloads/details
.aspx?FamilyId=D4E24966-6530-463A-9EE2-F6A9D000F998
Windows Internet Explorer 7, Windows Vista x64 Edition and Windows Vista
x64 Edition Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?FamilyId=295CF8F2-265E-4570-B708-21033337FE05
Windows
Internet Explorer 7, Windows Server 2008 for 32-bit Systems:
http://www.microsoft.com/downloads/details.aspx?FamilyId=E57B4D94-19AD-4818-8311-A3F94BE01A4B
Windows
Internet Explorer 7, Windows Server 2008 for x64-based Systems:
http://www.microsoft.com/downloads/details.aspx?FamilyId=93E9F52A-C7D0-4033-9C12-740665A219AF
Window
s Internet Explorer 7, Windows Server 2008 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?FamilyId=ACF948E8-C4A9-40DA-B282-F5E584E77B05
A restart is required.
The Microsoft advisory is available at:
http://www.microsoft.com/technet/security/bulletin/ms08-024.mspx
|
Vendor URL: www.microsoft.com/technet/security/bulletin/ms08-024.mspx (Links to External Site)
|
Cause: Access control error
|
Underlying OS: Windows (2000), Windows (2003), Windows (2008), Windows (Vista), Windows (XP)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Tue, 8 Apr 2008 15:24:37 -0400
Subject: Microsoft Security Bulletin MS08-024 - Critical: Cumulative Security Update for Internet Explorer (947864)
|
http://www.microsoft.com/technet/security/bulletin/ms08-024.mspx
CVE-2008-1085
|
|
Go to the Top of This SecurityTracker Archive Page
|
