SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com






Category:   Application (Web Browser)  >   Microsoft Internet Explorer (IE) Vendors:   Microsoft
Microsoft Internet Explorer Flaws Permit Cross-Domain Scripting Attacks and Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1021047
SecurityTracker URL:  http://securitytracker.com/id/1021047
CVE Reference:   CVE-2008-3472, CVE-2008-3473, CVE-2008-3474, CVE-2008-3475, CVE-2008-3476   (Links to External Site)
Date:  Oct 14 2008
Impact:   Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 5.01, 6, 6 SP1, 7
Description:   Several vulnerabilities were reported in Microsoft Internet Explorer. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can conduct cross-domain scripting attacks. A remote user can determine the installation path.

A remote user can create specially crafted HTML that, when loaded by the target user, will cause arbitrary scripting code to be executed by the target user's browser.

On IE 6 SP1 running on Windows 2000 SP4, a specially crafted HTML element can trigger arbitrary script execution in an arbitrary domain [CVE-2008-3472].

On IE 6 SP1 running on Windows 2000 SP4, a specially crafted HTML object event can trigger arbitrary script execution in an arbitrary domain [CVE-2008-3473].

Specially crafted HTML can trigger arbitrary script execution in an arbitrary domain [CVE-2008-3474]. The code will be able to access the target user's cookies (including authentication cookies), if any, associated with an arbitrary site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.

Specially crafted HTML can cause the target user's browser to access an object that has not been initialized or has been deleted, resulting in arbitrary script execution [CVE-2008-3475].

Specially crafted HTML can trigger a memory corruption error, resulting in arbitrary script execution [CVE-2008-3476].

David Bloom, Gregory Rubin, Ivan Fratric via TippingPoint, Thierry Zoller of n.runs, and Lee Dagon of Composica reported these vulnerabilities.

Impact:   A remote user can create HTML that, when loaded by the target user, will execute arbitrary scripting code on the target user's system.

A remote user can access the target user's cookies (including authentication cookies), if any, associated with arbitrary sites, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.

Solution:   The vendor has issued the following fixes as part of a cumulative update:

Microsoft Windows 2000 Service Pack 4, Microsoft Internet Explorer 5.01 Service Pack 4:

http://www.microsoft.com/downloads/details.aspx?familyid=257C0478-56DD-42EB-A90E-607D01613DB7

Microsoft Windows 2000 Service Pack 4, Microsoft Internet Explorer 6 Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=02390258-08E9-4B75-960D-BE081B749558

Windows XP Service Pack 2 and Windows XP Service Pack 3, Microsoft Internet Explorer 6:

http://www.microsoft.com/downloads/details.aspx?familyid=A7F0F47B-B1EE-4516-9FBF-BF8E579963D0

Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2, Microsoft Internet Explorer 6:

http://www.microsoft.com/downloads/details.aspx?familyid=234C05FB-988B-4E02-AAB6-BB23E447DF3D

Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2, Microsoft Internet Explorer 6:

http://www.microsoft.com/downloads/details.aspx?familyid=AE8D22D5-20AA-471D-A423-F54C9D75FEBE

Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2, Microsoft Internet Explorer 6:

http://www.microsoft.com/downloads/details.aspx?familyid=07FC88C4-2571-4A4D-B573-AE576798AB4C

Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems, Microsoft Internet Explorer 6:

http://www.microsoft.com/downloads/details.aspx?familyid=B68937AF-F04A-4D1E-9D7F-EC92AF5194DE

Windows XP Service Pack 2 and Windows XP Service Pack 3, Windows Internet Explorer 7:

http://www.microsoft.com/downloads/details.aspx?familyid=4E73DE2B-05E6-4901-9BAC-46D8F469E635

Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2, Windows Internet Explorer 7:

http://www.microsoft.com/downloads/details.aspx?familyid=CCF7A3E3-EC30-4B95-9A86-00032301513C

Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2, Windows Internet Explorer 7:

http://www.microsoft.com/downloads/details.aspx?familyid=FEAF2ADF-7892-4DBF-A147-DB4D5DBE52F3

Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2, Windows Internet Explorer 7:

http://www.microsoft.com/downloads/details.aspx?familyid=319DBA34-07CA-47F9-A1E9-20DF2DF7966B

Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems, Windows Internet Explorer 7:

http://www.microsoft.com/downloads/details.aspx?familyid=47381D91-4A14-4A09-96B3-3345155DF52D

Windows Vista and Windows Vista Service Pack 1, Windows Internet Explorer 7:

http://www.microsoft.com/downloads/details.aspx?familyid=4756E04B-6E1C-4D78-A3C0-17F6B4B97975

Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1, Windows Internet Explorer 7:

http://www.microsoft.com/downloads/details.aspx?familyid=BD19C72B-4F83-47AB-93BE-D2C286E732C4

Windows Server 2008 for 32-bit Systems, Windows Internet Explorer 7:

http://www.microsoft.com/downloads/details.aspx?familyid=EC73F416-2204-42D6-8932-C96578AC819F

Windows Server 2008 for x64-based Systems, Windows Internet Explorer 7:

http://www.microsoft.com/downloads/details.aspx?familyid=BAACD1C2-9764-4FEA-BD4D-C49791974FEF

Windows Server 2008 for Itanium-based Systems, Windows Internet Explorer 7:

http://www.microsoft.com/downloads/details.aspx?familyid=250A45DD-7EAE-4440-BD10-02A703940976

A restart is required.

The Microsoft advisory is available at:

http://www.microsoft.com/technet/security/bulletin/ms08-058.mspx

Vendor URL:  www.microsoft.com/technet/security/bulletin/ms08-058.mspx (Links to External Site)
Cause:   Access control error, Input validation error
Underlying OS:   Windows (Any)

Message History:   None.


 Source Message Contents

Date:  Tue, 14 Oct 2008 13:33:11 -0400
Subject:  http://www.microsoft.com/technet/security/bulletin/ms08-058.mspx


Microsoft Security Bulletin MS08-058 - Critical: Cumulative Security Update for Internet Explorer (956390)

CVE-2008-2947
CVE-2008-2948
CVE-2008-2949
CVE-2008-3472
CVE-2008-3473
CVE-2008-3474
CVE-2008-3475
CVE-2008-3476

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

Copyright 2014, SecurityGlobal.net LLC