Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
|
|
|
|
|
|
|
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
|
|
|
|
Become a Partner and License Our Database or Notification Service
|
|
|
|
|
|
|
|
|
|
|
|
|
Microsoft Internet Explorer Data Stream Processing Bug Lets Remote Users Execute Arbitrary Code
|
|
SecurityTracker Alert ID: 1019801 |
|
SecurityTracker URL: http://securitytracker.com/id/1019801
|
|
CVE Reference:
CVE-2008-1085
(Links to External Site)
|
Updated: Apr 23 2008
|
Original Entry Date: Apr 8 2008
|
Impact:
Execution of arbitrary code via network, User access via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 5.01 SP4, 6 SP1, 7; and prior service packs
|
Description:
A vulnerability was reported in Microsoft Internet Explorer (IE). A remote user can cause arbitrary code to be executed on the target user's system.
A remote user can create specially crafted HTML that, when loaded by the target user, will trigger a memory error in the processing of data streams and execute arbitrary code on the target system. The code will run with the privileges of the target user.
This can be triggered by, for example, an unexpected MIME-type for which there is no handler registered on the target user's system.
Carsten Eiram of Secunia reported this vulnerability.
|
Impact:
A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system.
|
Solution:
The vendor has issued the following fixes:
Internet Explorer 5.01 and Internet Explorer 6 Service Pack 1, Microsoft Windows 2000 Service Pack 4, Microsoft Internet Explorer 5.01 Service Pack 4:
http://www.microsoft.com/downloads/details.aspx?FamilyId=B051AE04-FE81-440D-9136-D6B239CA954E
Internet Explorer 5.01 and Internet Explorer 6 Service Pack 1,
Microsoft Windows 2000 Service Pack 4, Microsoft Internet Explorer 6 Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?FamilyId=75D2DC78-E3A4-4FF6-9E2D-BF1935003E8E
Microsoft Internet Explorer 6, Windows XP Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=36C641AD-953F-4B09-BA1C-9C383295E180
Microsoft Internet Explorer 6, Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=85BEACC0-8CA2-4DED-9C24-23348D05C735
Microsoft Internet Explorer 6, Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=0444B76E-93FA-43C2-B1BC-A5C054529EB5
Microsoft Internet Explorer 6, Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=5EBB5EF9-615F-4CAB-BAC5-6F45F1B94952
Microsoft Internet Explorer 6, Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?FamilyId=63DA8040-FDA2-42C7-8543-26AD6F9811F2
Windows Internet Explorer 7, Windows XP Service Pack 2 and Windows XP Service Pack 3:
http://www.microsoft.com/downloads/details.aspx?FamilyId=E771EFE8-8881-4F23-B5B0-15651A390BA9
Windows Internet Explorer 7, Windows XP Professional x64 Edition, Windows XP Professional x64 Edition Service Pack 2, and and Windows XP Professional x64 Edition Service Pack 3:
http://www.microsoft.com/downloads/details.aspx?FamilyId=9364BF81-6505-4788-958D-A4BD29DC98AD
Windows Internet Explorer 7, Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=9ACD2A03-5530-49C8-9EA1-0BFAF259700D
Windows Internet Explorer 7, Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=A9E406AA-33E2-49B8-AB54-4A7328E46147
Windows Internet Explorer 7, Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?FamilyId=75A05D3A-92A0-4A00-95D4-E2B2F6755180
Windows Internet Explorer 7, Windows Vista and Windows Vista Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?FamilyId=D4E24966-6530-463A-9EE2-F6A9D000F998
Windows Internet Explorer 7, Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?FamilyId=295CF8F2-265E-4570-B708-21033337FE05
Windows Internet Explorer 7, Windows Server 2008 for 32-bit Systems:
http://www.microsoft.com/downloads/details.aspx?FamilyId=E57B4D94-19AD-4818-8311-A3F94BE01A4B
Windows Internet Explorer 7, Windows Server 2008 for x64-based Systems:
http://www.microsoft.com/downloads/details.aspx?FamilyId=93E9F52A-C7D0-4033-9C12-740665A219AF
Windows Internet Explorer 7, Windows Server 2008 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?FamilyId=ACF948E8-C4A9-40DA-B282-F5E584E77B05
A restart is required.
The Microsoft advisory is available at:
http://www.microsoft.com/technet/security/bulletin/ms08-024.mspx
|
Vendor URL: www.microsoft.com/technet/security/bulletin/ms08-024.mspx (Links to External Site)
|
Cause:
Access control error
|
Underlying OS:
Windows (2000), Windows (2003), Windows (2008), Windows (Vista), Windows (XP)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Tue, 8 Apr 2008 15:24:37 -0400
Subject: Microsoft Security Bulletin MS08-024 - Critical: Cumulative Security Update for Internet Explorer (947864)
|
http://www.microsoft.com/technet/security/bulletin/ms08-024.mspx
CVE-2008-1085
|
|
Go to the Top of This SecurityTracker Archive Page
|
