Microsoft Internet Explorer Flaws Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID: 1023002
SecurityTracker URL: http://securitytracker.com/id/1023002
CVE Reference: CVE-2009-1547, CVE-2009-2529, CVE-2009-2530, CVE-2009-2531
Updated: Nov 4 2009
Original Entry Date: Oct 13 2009
Impact: Execution of arbitrary code via network, User access via network
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): 5.01, 6 SP1, 7, 8
Description:
Several vulnerabilities were reported in Microsoft Internet Explorer. A remote user can cause arbitrary code to be executed on the target user's system.
A remote user can create specially crafted HTML that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user.
A specially crafted data stream header can trigger memory corruption [CVE-2009-1547]. SkyLined of Google Inc. reported this vulnerability.
Specially crafted variable arguments can trigger code execution [CVE-2009-2529].
A specially crafted object that has been deleted or has not been properly initialized can trigger code execution [CVE-2009-2530, CVE-2009-2531]. Sam Thomas of eshu.co.uk reported one of these vulnerabilities via TippingPoint. TippingPoint reported the other.
Impact:
A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution:
The vendor has issued the following fixes:
Microsoft Windows 2000 Service Pack 4, Microsoft Internet Explorer 5.01 Service Pack 4:
http://www.microsoft.com/downloads/details.aspx?familyid=26515c7b-d7a6-4405-96b5-a518dcb39d38
Microsoft Windows 2000 Service Pack 4, Microsoft Internet Explorer 6 Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?familyid=8154ba37-0fbc-4d31-9d6e-0b21586ad65a
Windows XP Service Pack 2 and Windows XP Service Pack 3, Microsoft Internet Explorer 6:
http://www.microsoft.com/downloads/details.aspx?familyid=9aacf890-afb4-46a7a13f-dd9fe3c0ca4a
Windows XP Professional x64 Edition Service Pack 2, Microsoft Internet Explorer 6:
http://www.microsoft.com/downloads/details.aspx?familyid=89a2cf2a-a7a2-4d4b-aa6f-24dde288d500
Windows Server 2003 Service Pack 2, Microsoft Internet Explorer 6:
http://www.microsoft.com/downloads/details.aspx?familyid=8101625d-ee93-46e5-aec2-3bdbf2d86472
Windows Server 2003 x64 Edition Service Pack 2, Microsoft Internet Explorer 6:
http://www.microsoft.com/downloads/details.aspx?familyid=2f966053-01eb-4a23-a9d5-71deac2498ea
Windows Server 2003 with SP2 for Itanium-based Systems, Microsoft Internet Explorer 6:
http://www.microsoft.com/downloads/details.aspx?familyid=79a1a94d-3b47-47e9-9476-2f591c3f6a59
Windows XP Service Pack 2 and Windows XP Service Pack 3, Windows Internet Explorer 7:
http://www.microsoft.com/downloads/details.aspx?familyid=dc166dc6-577f-4d8d-94df-dd963233dd85
Windows XP Professional x64 Edition Service Pack 2, Windows Internet Explorer 7:
http://www.microsoft.com/downloads/details.aspx?familyid=bd54e595-25f2-4839-a838-2a0f809bde2b
Windows Server 2003 Service Pack 2, Windows Internet Explorer 7:
http://www.microsoft.com/downloads/details.aspx?familyid=4647bcf1-69fb-4ad6-9e03-7bc22d8a914b
Windows Server 2003 x64 Edition Service Pack 2, Windows Internet Explorer 7:
http://www.microsoft.com/downloads/details.aspx?familyid=e7d77bd9-8317-42f3-9ad1-a0b8bfa65b53
Windows Server 2003 with SP2 for Itanium-based Systems, Windows Internet Explorer 7:
http://www.microsoft.com/downloads/details.aspx?familyid=07e66c09-2cd7-47ba-bf87-d3da602184b4
Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2, Windows Internet Explorer 7:
http://www.microsoft.com/downloads/details.aspx?familyid=f6995616-2a84-4c26-9599-26f1314873ed
Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2, Windows Internet Explorer 7:
http://www.microsoft.com/downloads/details.aspx?familyid=b3de5236-afdd-436e-8648-5382d564cc99
Windows Server 2008 for 32-bit Systems* and Windows Server 2008 for 32-bit Systems Service Pack 2*, Windows Internet Explorer 7:
http://www.microsoft.com/downloads/details.aspx?familyid=72dd580e-eb53-41da-a5c0-a392ad388bfc
Windows Server 2008 for x64-based Systems* and Windows Server 2008 for x64-based Systems Service Pack 2*, Windows Internet Explorer 7:
http://www.microsoft.com/downloads/details.aspx?familyid=0111d741-bda4-4a50-a12b-d3337ff4441d
Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2, Windows Internet Explorer 7:
http://www.microsoft.com/downloads/details.aspx?familyid=e81f30b7-ef05-4488-b62a-d330e17129cf
Windows XP Service Pack 2 and Windows XP Service Pack 3, Windows Internet Explorer 8:
http://www.microsoft.com/downloads/details.aspx?familyid=8799159ddf69-49f6-9db5-49147690ce0c
Windows XP Professional x64 Edition Service Pack 2, Windows Internet Explorer 8:
http://www.microsoft.com/downloads/details.aspx?familyid=77b18fc2e769-47c6-8e72-916716a49e58
Windows Server 2003 Service Pack 2, Windows Internet Explorer 8:
http://www.microsoft.com/downloads/details.aspx?familyid=9eae7eca-1a6f-4397-a6e2-7dda6b9d5276
Windows Server 2003 x64 Edition Service Pack 2, Windows Internet Explorer 8:
http://www.microsoft.com/downloads/details.aspx?familyid=708a549d-11fd-43bf-a6e1-309e3205d59d
Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2, Windows Internet Explorer 8:
http://www.microsoft.com/downloads/details.aspx?familyid=e8f6014f-950b-4e11-a105-51d298069f1a
Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2, Windows Internet Explorer 8:
http://www.microsoft.com/downloads/details.aspx?familyid=85978f28-5fc0-481b-9b03-2021c785889b
Windows Server 2008 for 32-bit Systems* and Windows Server 2008 for 32-bit Systems Service Pack 2*, Windows Internet Explorer 8:
http://www.microsoft.com/downloads/details.aspx?familyid=1baf7e96-ba3e-47e7-8ea3-eb092e653a39
Windows Server 2008 for x64-based Systems* and Windows Server 2008 for x64-based Systems Service Pack 2*, Windows Internet Explorer 8:
http://www.microsoft.com/downloads/details.aspx?familyid=7a4b755b-7fa0-43aa-8862-c1d0c7d94c2c
Windows 7 for 32-bit Systems, Windows Internet Explorer 8:
http://www.microsoft.com/downloads/details.aspx?familyid=89d1fb78-68cd-48dd-afc2-15a79ebe9fde
Windows 7 for x64-based Systems, Windows Internet Explorer 8:
http://www.microsoft.com/downloads/details.aspx?familyid=10d9f7ac-65f4-437c-91cc-171632c69b0e
Windows Server 2008 R2 for x64-based Systems*, Windows Internet Explorer 8:
http://www.microsoft.com/downloads/details.aspx?familyid=f50307d6-7869-4996-9ff7-23f87d08994b
Windows Server 2008 R2 for Itanium-based Systems, Windows Internet Explorer 8:
http://www.microsoft.com/downloads/details.aspx?familyid=9b6a28ae-b3f2-42b0-8209-e3950ec37abb
A restart is required.
On November 3, 2009, Microsoft updated their MS09-054 bulletin to indicate that a hotfix (976749) is available to correct application compatibility issues with the MS09-054 security fix. The hotfix is described at:
http://support.microsoft.com/kb/976749
The Microsoft advisory is available at:
http://www.microsoft.com/technet/security/bulletin/ms09-054.mspx
Vendor URL: www.microsoft.com/technet/security/bulletin/ms09-054.mspx
Cause: Access control error
Underlying OS: Windows (2000), Windows (2003), Windows (2008), Windows (7), Windows (Vista), Windows (XP)
Message History:
None.
Source Message Contents
Date: Tue, 13 Oct 2009 13:05:02 -0400
Subject: http://www.microsoft.com/technet/security/bulletin/ms09-054.mspx
Microsoft Security Bulletin MS09-054 - Critical: Cumulative Security Update for Internet Explorer (974455)
CVE-2009-1547
CVE-2009-2529
CVE-2009-2530
CVE-2009-2531