Microsoft Internet Explorer Bug in Processing Method Calls Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID: 1020225
SecurityTracker URL: http://securitytracker.com/id/1020225
CVE Reference: CVE-2008-1442
Updated: Jun 14 2008
Original Entry Date: Jun 10 2008
Impact: Execution of arbitrary code via network, User access via network
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): 5.01, 6, 6 SP1, 7
Description:
A vulnerability was reported in Microsoft Internet Explorer. A remote user can cause arbitrary code to be executed on the target user's system.
A remote user can create HTML with specially crafted method calls to HTML objects that, when loaded by the target user, will trigger a memory corruption error and execute arbitrary code on the target system. The code will run with the privileges of the target user.
Sebastian Apelt, Peter Vreugdenhil, and an anonymous researcher reported this vulnerability via TippingPoint and the Zero Day Initiative.
Impact:
A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution:
The vendor has issued the following fixes:
Microsoft Windows 2000 Service Pack 4, Microsoft Internet Explorer 5.01 Service Pack 4:
http://www.microsoft.com/downloads/details.aspx?FamilyId=88990B23-D37F-4D02-A5A3-2EE389ADE53C
Microsoft Windows 2000 Service Pack 4, Microsoft Internet Explorer 6 Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?FamilyId=4C47CF8A-8100-4D43-855A-F225A3492B19
Windows XP Service Pack 2, Microsoft Internet Explorer 6:
http://www.microsoft.com/downloads/details.aspx?FamilyId=CC325017-3A48-4475-90E4-0C79A002FCE3
Windows XP Service Pack 3, Microsoft Internet Explorer 6:
http://www.microsoft.com/downloads/details.aspx?FamilyId=CC325017-3A48-4475-90E4-0C79A002FCE3
Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2, Microsoft Internet Explorer 6:
http://www.microsoft.com/downloads/details.aspx?FamilyId=C8783CFE-9DA5-4842-AB3A-1E2BE4FAFC47
Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2, Microsoft Internet Explorer 6:
http://www.microsoft.com/downloads/details.aspx?FamilyId=286AADA6-A358-41F1-B81A-8DE39B9F908A
Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2, Microsoft Internet Explorer 6:
http://www.microsoft.com/downloads/details.aspx?FamilyId=6604569A-3DB0-47E7-BD30-7DFBA8145386
Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems, Microsoft Internet Explorer 6:
http://www.microsoft.com/downloads/details.aspx?FamilyId=0262BEB8-1EB5-4C2D-A50A-0C6C6E0C1F61
Windows XP Service Pack 2 and Windows XP Service Pack 3, Windows Internet Explorer 7:
http://www.microsoft.com/downloads/details.aspx?FamilyId=FBC31BDE-0BF5-490C-96A8-071310D9464A
Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2, Windows Internet Explorer 7:
http://www.microsoft.com/downloads/details.aspx?FamilyId=19C0CCDC-95C9-4151-96B6-4F49B594EBE0
Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2, Windows Internet Explorer 7:
http://www.microsoft.com/downloads/details.aspx?FamilyId=A1AE9AD2-8329-4C96-B950-7534B3287EAA
Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2, Windows Internet Explorer 7:
http://www.microsoft.com/downloads/details.aspx?FamilyId=FB0C70B4-CE9F-43D6-875A-3CFD0D3A2681
Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems, Windows Internet Explorer 7:
http://www.microsoft.com/downloads/details.aspx?FamilyId=28D2913C-1C6B-4671-9892-DE08698CD5A6
Windows Vista and Windows Vista Service Pack 1, Windows Internet Explorer 7:
http://www.microsoft.com/downloads/details.aspx?FamilyId=6D68B39D-157F-4C3D-AC76-BC5A9386DB59
Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1, Windows Internet Explorer 7:
http://www.microsoft.com/downloads/details.aspx?FamilyId=4CF92235-861E-4B74-BEE3-8E977C8688D9
Windows Server 2008 for 32-bit Systems*, Windows Internet Explorer 7:
http://www.microsoft.com/downloads/details.aspx?FamilyId=A8922E7E-9264-4E09-B8AD-C5420FED8690
Windows Server 2008 for x64-based Systems*, Windows Internet Explorer 7:
http://www.microsoft.com/downloads/details.aspx?FamilyId=05B0E838-24D7-4387-B069-2604BBCC43B9
Windows Server 2008 for Itanium-based Systems, Windows Internet Explorer 7:
http://www.microsoft.com/downloads/details.aspx?FamilyId=640E1865-EBCC-4D69-A770-FD360020DA1E
* = Windows Server 2008 is not affected if installed using the Server Core installation option.
A restart is required.
The Microsoft advisory is available at:
http://www.microsoft.com/technet/security/bulletin/ms08-031.mspx
On June 14, 2008 (UTC), Microsoft issued an advisory warning that the System Center Configuration Manager 2007 may fail to deploy these updates to Systems Management Services (SMS) 2003 clients:
http://www.microsoft.com/technet/security/advisory/954474.mspx
Vendor URL: www.microsoft.com/technet/security/bulletin/ms08-031.mspx
Cause: Access control error
Underlying OS: Windows (2000), Windows (2003), Windows (2008), Windows (Vista), Windows (XP)
Message History:
None.
Source Message Contents
Date: Tue, 10 Jun 2008 14:34:29 -0400
Subject: Microsoft Security Bulletin MS08-031 - Critical: Cumulative Security Update for Internet Explorer (950759)
http://www.microsoft.com/technet/security/bulletin/ms08-031.mspx
CVE-2008-1442
CVE-2008-1544