SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com






Category:   Application (Web Browser)  >   Microsoft Internet Explorer (IE) Vendors:   Microsoft
Microsoft Internet Explorer Cross-Site Scripting Filter Can Be Bypassed
SecurityTracker Alert ID:  1023494
SecurityTracker URL:  http://securitytracker.com/id/1023494
CVE Reference:   CVE-2009-4074   (Links to External Site)
Date:  Jan 21 2010
Impact:   Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 8
Description:   A vulnerability was reported in Microsoft Internet Explorer. A remote user can bypass the cross-site scripting filter.

A remote user can create a specially crafted URL that, when loaded by a target user, will bypass the cross-site scripting filter.

Only Internet Explorer version 8 is affected.

David Lindsay "thornmaker" and Eduardo A. Vela Nava "sirdarckcat" reported this vulnerability.

Impact:   A remote user can bypass the cross-site scripting filter.
Solution:   The vendor has issued the following fixes as part of a cumulative update for Internet Explorer.

Windows XP Service Pack 2 and Windows XP Service Pack 3, Internet Explorer 8:

http://www.microsoft.com/downloads/details.aspx?familyid=7c2948fb-f486-4801-bc21-bbf40d5a78c2

Windows XP Professional x64 Edition Service Pack 2, Internet Explorer 8:

http://www.microsoft.com/downloads/details.aspx?familyid=41b83fad-948b-4a9c-80ed-9c5a60bd35b4

Windows Server 2003 Service Pack 2, Internet Explorer 8:

http://www.microsoft.com/downloads/details.aspx?familyid=7d480c87-2ca9-4505-a59d-a6d73d001fa5

Windows Server 2003 x64 Edition Service Pack 2, Internet Explorer 8:

http://www.microsoft.com/downloads/details.aspx?familyid=3e2e740b-8417-4758-8468-15221249ec71

Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2, Internet Explorer 8:

http://www.microsoft.com/downloads/details.aspx?familyid=5e2cbd7d-f64f-49e5-a159-1965ebfe2a92

Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2, Internet Explorer 8:

http://www.microsoft.com/downloads/details.aspx?familyid=b7a7e8e7-f4c5-459d-ab6c-05a192e1e3f9

Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2**, Internet Explorer 8:

http://www.microsoft.com/downloads/details.aspx?familyid=f5ce8582-af63-4870-bee3-0abeeefa1458

Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2**, Internet Explorer 8:

http://www.microsoft.com/downloads/details.aspx?familyid=be11981c-d286-4e3c-94bf-d4e67a975d5a

Windows 7 for 32-bit Systems, Internet Explorer 8:

http://www.microsoft.com/downloads/details.aspx?familyid=278443c1-15dc-436b-893b-ffea6d29d16d

Windows 7 for x64-based Systems, Internet Explorer 8:

http://www.microsoft.com/downloads/details.aspx?familyid=a584cd0f-2e05-4e36-8858-0ffead637162

Windows Server 2008 R2 for x64-based Systems**, Internet Explorer 8:

http://www.microsoft.com/downloads/details.aspx?familyid=d3386793-a594-4bc5-8308-28b561d43087

Windows Server 2008 R2 for Itanium-based Systems, Internet Explorer 8:

http://www.microsoft.com/downloads/details.aspx?familyid=9d137bab-8312-4240-af74-c65ba652fde0

A restart is required.

The Microsoft advisory is available at:

http://www.microsoft.com/technet/security/bulletin/ms10-002.mspx

Vendor URL:  www.microsoft.com/technet/security/bulletin/ms10-002.mspx (Links to External Site)
Cause:   Input validation error
Underlying OS:   Windows (Any)

Message History:   None.


 Source Message Contents

Date:  Thu, 21 Jan 2010 18:18:07 +0000
Subject:  http://www.microsoft.com/technet/security/bulletin/ms10-002.mspx


Microsoft Security Bulletin MS10-002 - Critical: Cumulative Security Update for Internet Explorer (978207)

CVE-2009-4074


 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

Copyright 2014, SecurityGlobal.net LLC