SecurityTracker.com

Category:   Application (Web Browser)  >   Microsoft Internet Explorer (IE)
Vendors:   Microsoft
Microsoft Internet Explorer Bugs Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1022350
SecurityTracker URL:  http://securitytracker.com/id/1022350
CVE Reference:   CVE-2009-1140, CVE-2009-1141, CVE-2009-1528, CVE-2009-1529, CVE-2009-1530, CVE-2009-1531, CVE-2009-1532
Date:  Jun 9 2009
Impact:   Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 5.01, 6, 6 SP1, 7, 8
Description:   Several vulnerabilities were reported in Microsoft Internet Explorer (IE). A remote user can cause arbitrary code to be executed on the target user's system.

A remote user can create specially crafted HTML that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user.

Specially crafted method calls to dynamic HTML objects can trigger memory corruption [CVE-2009-1141].

Specially crafted HTML that accesses an object that has not been properly initialized or has been deleted can trigger code execution [CVE-2009-1528, CVE-2009-1529, CVE-2009-1530, CVE-2009-1531, CVE-2009-1532].

A remote user can create specially crafted HTML that, when loaded by the target user, will bypass Internet Explorer domain restrictions and access content from another domain (including the local computer zone) [CVE-2009-1140].

Jorge Luis Alvarez Medina of Core Security Technologies, Haifei Li of Fortinet's FortiGuard Global Security Research Team, TippingPoint, Peter Vreugdenhil (via TippingPoint), Wushi (via TippingPoint), and Nils (via TippingPoint) reported these vulnerabilities.

Impact:   A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system.

A remote user can create HTML that, when loaded by the target user, will access information on other domains or on the target user's system.

Solution:   The vendor has issued the following fixes:

Microsoft Windows 2000 Service Pack 4, Microsoft Internet Explorer 5.01 Service Pack 4:

http://www.microsoft.com/downloads/details.aspx?familyid=d645ad82-13c3-4030-808b-834e86ed3298

Microsoft Windows 2000 Service Pack 4, Microsoft Internet Explorer 6 Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=fe8b3796-a407-4f41-89eb-35b4bcc24ff6

Windows XP Service Pack 2 and Windows XP Service Pack 3, Microsoft Internet Explorer 6:

http://www.microsoft.com/downloads/details.aspx?familyid=3d7f63ee-d7c3-48a5-902e-60625405e97d

Windows XP Professional x64 Edition Service Pack 2, Microsoft Internet Explorer 6:

http://www.microsoft.com/downloads/details.aspx?familyid=088f70eb-c5c5-426a-880a-18ed386d0b56

Windows Server 2003 Service Pack 2, Microsoft Internet Explorer 6:

http://www.microsoft.com/downloads/details.aspx?familyid=72a23752-86fb-4cc9-ab8e-63ffdfae5bec

Windows Server 2003 x64 Edition Service Pack 2, Microsoft Internet Explorer 6:

http://www.microsoft.com/downloads/details.aspx?familyid=2a03d3c4-e39d-43a3-8d42-216e9551be96

Windows Server 2003 with SP2 for Itanium-based Systems, Microsoft Internet Explorer 6:

http://www.microsoft.com/downloads/details.aspx?familyid=58efde2c-e0b8-4259-b19e-80564b834882

Windows XP Service Pack 2 and Windows XP Service Pack 3, Windows Internet Explorer 7:

http://www.microsoft.com/downloads/details.aspx?familyid=827b735c-660b-4723-b688-3297e107153a

Windows XP Professional x64 Edition Service Pack 2, Windows Internet Explorer 7:

http://www.microsoft.com/downloads/details.aspx?familyid=e5d2c81e-ffab-4e3b-a59a-a55000597213

Windows Server 2003 Service Pack 2, Windows Internet Explorer 7:

http://www.microsoft.com/downloads/details.aspx?familyid=a980b867-c67f-4c61-b6db-e55c2ca68dc0

Windows Server 2003 x64 Edition Service Pack 2, Windows Internet Explorer 7:

http://www.microsoft.com/downloads/details.aspx?familyid=5e7d6372-9c8c-449d-88fd-afd4f92ad9e6

Windows Server 2003 with SP2 for Itanium-based Systems, Windows Internet Explorer 7:

http://www.microsoft.com/downloads/details.aspx?familyid=a2d2907e-67ae-44a4-a805-8670e659ea57

Windows Vista and Windows Vista Service Pack 1, Windows Internet Explorer 7:

http://www.microsoft.com/downloads/details.aspx?familyid=e60215c3-b8b9-4e45-9d9f-b3fb0b47cce1

Windows Vista Service Pack 2, Windows Internet Explorer 7:

http://www.microsoft.com/downloads/details.aspx?familyid=e60215c3-b8b9-4e45-9d9f-b3fb0b47cce1

Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1, Windows Internet Explorer 7:

http://www.microsoft.com/downloads/details.aspx?familyid=88185088-8c2c-4bc6-89b2-87f4d4849cf7

Windows Vista x64 Edition Service Pack 2, Windows Internet Explorer 7:

http://www.microsoft.com/downloads/details.aspx?familyid=88185088-8c2c-4bc6-89b2-87f4d4849cf7

Windows Server 2008 for 32-bit Systems*, Windows Internet Explorer 7:

http://www.microsoft.com/downloads/details.aspx?familyid=a0e3f975-57da-43fa-ac12-3d14fd6ce939

Windows Server 2008 for 32-bit Systems Service Pack 2*, Windows Internet Explorer 7:

http://www.microsoft.com/downloads/details.aspx?familyid=a0e3f975-57da-43fa-ac12-3d14fd6ce939

Windows Server 2008 for x64-based Systems*, Windows Internet Explorer 7:

http://www.microsoft.com/downloads/details.aspx?familyid=758edce7-2a82-4b2e-bd71-5b7075cc4b17

Windows Server 2008 for x64-based Systems Service Pack 2*, Windows Internet Explorer 7:

http://www.microsoft.com/downloads/details.aspx?familyid=758edce7-2a82-4b2e-bd71-5b7075cc4b17

Windows Server 2008 for Itanium-based Systems, Windows Internet Explorer 7:

http://www.microsoft.com/downloads/details.aspx?familyid=67d4c189-030d-42eb-98b9-7957ccd92592

Windows Server 2008 for Itanium-based Systems Service Pack 2, Windows Internet Explorer 7:

http://www.microsoft.com/downloads/details.aspx?familyid=67d4c189-030d-42eb-98b9-7957ccd92592

Windows XP Service Pack 2 and Windows XP Service Pack 3, Windows Internet Explorer 8:

http://www.microsoft.com/downloads/details.aspx?familyid=d9e27ce1-4e7c-437f-9477-e7805a33da08

Windows XP Professional x64 Edition Service Pack 2, Windows Internet Explorer 8:

http://www.microsoft.com/downloads/details.aspx?familyid=a24aedf0-7a31-4ee8-a9a6-998f1160c700

Windows Server 2003 Service Pack 2, Windows Internet Explorer 8:

http://www.microsoft.com/downloads/details.aspx?familyid=298143f2-f37a-4a2c-86ac-9804d4ff1dad

Windows Server 2003 x64 Edition Service Pack 2, Windows Internet Explorer 8:

http://www.microsoft.com/downloads/details.aspx?familyid=4a5401d7-ca97-4734-a0e9-d7ffe0777e34

Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2, Windows Internet Explorer 8:

http://www.microsoft.com/downloads/details.aspx?familyid=6f2730e9-b4fc-4f20-96cf-73f1be63f374

Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2, Windows Internet Explorer 8:

http://www.microsoft.com/downloads/details.aspx?familyid=5edb14f7-11ec-4180-9f0f-b2673f1c8d83

Windows Server 2008 for 32-bit Systems* and Windows Server 2008 for 32-bit Systems Service Pack 2*, Windows Internet Explorer 8:

http://www.microsoft.com/downloads/details.aspx?familyid=aaad301c-d232-4733-a0df-8e5d41bbfde8

Windows Server 2008 for x64-based Systems* and Windows Server 2008 for x64-based Systems Service Pack 2*, Windows Internet Explorer 8:

http://www.microsoft.com/downloads/details.aspx?familyid=faac92d4-4a2b-4bb5-8bd1-1519a9fa8147

A restart is required.

The Microsoft advisory is available at:

http://www.microsoft.com/technet/security/bulletin/ms09-019.mspx

Vendor URL:  www.microsoft.com/technet/security/bulletin/ms09-019.mspx
Cause:   Access control error
Underlying OS:   Windows (Any)

Message History:   None.


 Source Message Contents

Date:  Tue, 9 Jun 2009 13:21:48 -0400
Subject:  http://www.microsoft.com/technet/security/bulletin/ms09-019.mspx


Microsoft Security Bulletin MS09-019 - Critical: Cumulative Security Update for Internet Explorer (969897)

CVE-2007-3091
CVE-2009-1140
CVE-2009-1141
CVE-2009-1528
CVE-2009-1529
CVE-2009-1530
CVE-2009-1531
CVE-2009-1532


 
 



Copyright 2014, SecurityGlobal.net LLC