SecurityTracker.com
Category: Application (Web Browser) > Microsoft Internet Explorer (IE)
Vendors: Microsoft
Microsoft Internet Explorer Data Stream Processing Bug Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID: 1019801
SecurityTracker URL: http://securitytracker.com/id/1019801
CVE Reference: CVE-2008-1085
Updated: Apr 23 2008
Original Entry Date: Apr 8 2008
Impact: Execution of arbitrary code via network, User access via network
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): 5.01 SP4, 6 SP1, 7; and prior service packs
Description:   A vulnerability was reported in Microsoft Internet Explorer (IE). A remote user can cause arbitrary code to be executed on the target user's system.

A remote user can create specially crafted HTML that, when loaded by the target user, will trigger a memory error in the processing of data streams and execute arbitrary code on the target system. The code will run with the privileges of the target user.

This can be triggered by, for example, an unexpected MIME-type for which there is no handler registered on the target user's system.

Carsten Eiram of Secunia reported this vulnerability.

Impact:   A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution:   The vendor has issued the following fixes:

Internet Explorer 5.01 and Internet Explorer 6 Service Pack 1, Microsoft Windows 2000 Service Pack 4, Microsoft Internet Explorer 5.01 Service Pack 4:

http://www.microsoft.com/downloads/details.aspx?FamilyId=B051AE04-FE81-440D-9136-D6B239CA954E

Internet Explorer 5.01 and Internet Explorer 6 Service Pack 1, Microsoft Windows 2000 Service Pack 4, Microsoft Internet Explorer 6 Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?FamilyId=75D2DC78-E3A4-4FF6-9E2D-BF1935003E8E

Microsoft Internet Explorer 6, Windows XP Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?FamilyId=36C641AD-953F-4B09-BA1C-9C383295E180

Microsoft Internet Explorer 6, Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?FamilyId=85BEACC0-8CA2-4DED-9C24-23348D05C735

Microsoft Internet Explorer 6, Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?FamilyId=0444B76E-93FA-43C2-B1BC-A5C054529EB5

Microsoft Internet Explorer 6, Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?FamilyId=5EBB5EF9-615F-4CAB-BAC5-6F45F1B94952

Microsoft Internet Explorer 6, Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems:

http://www.microsoft.com/downloads/details.aspx?FamilyId=63DA8040-FDA2-42C7-8543-26AD6F9811F2

Windows Internet Explorer 7, Windows XP Service Pack 2 and Windows XP Service Pack 3:

http://www.microsoft.com/downloads/details.aspx?FamilyId=E771EFE8-8881-4F23-B5B0-15651A390BA9

Windows Internet Explorer 7, Windows XP Professional x64 Edition, Windows XP Professional x64 Edition Service Pack 2, and Windows XP Professional x64 Edition Service Pack 3:

http://www.microsoft.com/downloads/details.aspx?FamilyId=9364BF81-6505-4788-958D-A4BD29DC98AD

Windows Internet Explorer 7, Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?FamilyId=9ACD2A03-5530-49C8-9EA1-0BFAF259700D

Windows Internet Explorer 7, Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?FamilyId=A9E406AA-33E2-49B8-AB54-4A7328E46147

Windows Internet Explorer 7, Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems:

http://www.microsoft.com/downloads/details.aspx?FamilyId=75A05D3A-92A0-4A00-95D4-E2B2F6755180

Windows Internet Explorer 7, Windows Vista and Windows Vista Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?FamilyId=D4E24966-6530-463A-9EE2-F6A9D000F998

Windows Internet Explorer 7, Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?FamilyId=295CF8F2-265E-4570-B708-21033337FE05

Windows Internet Explorer 7, Windows Server 2008 for 32-bit Systems:

http://www.microsoft.com/downloads/details.aspx?FamilyId=E57B4D94-19AD-4818-8311-A3F94BE01A4B

Windows Internet Explorer 7, Windows Server 2008 for x64-based Systems:

http://www.microsoft.com/downloads/details.aspx?FamilyId=93E9F52A-C7D0-4033-9C12-740665A219AF

Windows Internet Explorer 7, Windows Server 2008 for Itanium-based Systems:

http://www.microsoft.com/downloads/details.aspx?FamilyId=ACF948E8-C4A9-40DA-B282-F5E584E77B05

A restart is required.

The Microsoft advisory is available at:

http://www.microsoft.com/technet/security/bulletin/ms08-024.mspx

Vendor URL: www.microsoft.com/technet/security/bulletin/ms08-024.mspx
Cause:   Access control error
Underlying OS:   Windows (2000), Windows (2003), Windows (2008), Windows (Vista), Windows (XP)

Message History:   None.


 Source Message Contents

Date:  Tue, 8 Apr 2008 15:24:37 -0400
Subject:  Microsoft Security Bulletin MS08-024 - Critical: Cumulative Security Update for Internet Explorer (947864)


http://www.microsoft.com/technet/security/bulletin/ms08-024.mspx

CVE-2008-1085
Copyright 2014, SecurityGlobal.net LLC