Category:   Application (Web Browser)  >   Microsoft Internet Explorer (IE)
Vendors:   Microsoft
Microsoft Internet Explorer Bugs Let Remote Users Execute Arbitrary Code and Conduct Cross-Site Scripting Attacks
SecurityTracker Alert ID:  1024068
SecurityTracker URL:  http://securitytracker.com/id/1024068
CVE Reference:   CVE-2010-1257, CVE-2010-1259, CVE-2010-1260, CVE-2010-1261, CVE-2010-1262
Updated:  Sep 15 2011
Original Entry Date:  Jun 8 2010
Impact:   Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 6, 6 SP1, 7, 8
Description:   Several vulnerabilities were reported in Microsoft Internet Explorer (IE). A remote user can cause arbitrary code to be executed on the target user's system. A remote user can conduct cross-site scripting attacks.

A remote user can create specially crafted HTML that, when loaded by the target user, will execute arbitrary scripting code in the context of a site using the toStaticHTML API [CVE-2010-1257]. Chris Weber of Casaba Security and Takeshi Terada reported this vulnerability.

A remote user can create specially crafted HTML that, when loaded by the target user, will access an object that has been deleted or not properly initialized and execute arbitrary code on the target system [CVE-2010-1259]. The code will run with the privileges of the target user. Michal Zalewski of Google Inc. reported this vulnerability.

A remote user can create specially crafted HTML that, when loaded by the target user and when the target user opens the IE8 Developer Toolbar, will execute arbitrary code on the target system [CVE-2010-1260, CVE-2010-1261]. Chris Rohlf of Matasano Security reported this vulnerability.

A remote user can create specially crafted HTML that, when loaded by the target user, will access an object that has been deleted or not properly initialized and execute arbitrary code on the target system [CVE-2010-1262]. Peter Vreugdenhil (via TippingPoint's Zero Day Initiative) reported this vulnerability.

Impact:   A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution:   The vendor has issued the following fixes:

Microsoft Windows 2000 Service Pack 4, Internet Explorer 5.01 Service Pack 4:

http://www.microsoft.com/downloads/details.aspx?familyid=0a6c09e5-c655-41a0-a133-78d55267a527

Microsoft Windows 2000 Service Pack 4, Internet Explorer 6 Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=e2f27eeb-54be-40be-a00e-72867090b8e7

Windows XP Service Pack 2 and Windows XP Service Pack 3, Internet Explorer 6:

http://www.microsoft.com/downloads/details.aspx?familyid=bfe87761-ed9e-4fec-a393-d7fddb919db4

Windows XP Professional x64 Edition Service Pack 2, Internet Explorer 6:

http://www.microsoft.com/downloads/details.aspx?familyid=7780af61-a206-49aa-a805-a49bdcbb5419

Windows Server 2003 Service Pack 2, Internet Explorer 6:

http://www.microsoft.com/downloads/details.aspx?familyid=bfb9acdb-2d9c-4c22-963c-8b9ce247350f

Windows Server 2003 x64 Edition Service Pack 2, Internet Explorer 6:

http://www.microsoft.com/downloads/details.aspx?familyid=81644c43-22c0-4c61-b395-3264516516a6

Windows Server 2003 with SP2 for Itanium-based Systems, Internet Explorer 6:

http://www.microsoft.com/downloads/details.aspx?familyid=abcdc3bb-4659-4b63-a9bd-e448f8bed90a

Windows XP Service Pack 2 and Windows XP Service Pack 3, Internet Explorer 7:

http://www.microsoft.com/downloads/details.aspx?familyid=fc02fc7e-ee85-4377-b54c-012fa60a8c9c

Windows XP Professional x64 Edition Service Pack 2, Internet Explorer 7:

http://www.microsoft.com/downloads/details.aspx?familyid=6c7cda29-161e-49b4-976a-c718c0aa11a0

Windows Server 2003 Service Pack 2, Internet Explorer 7:

http://www.microsoft.com/downloads/details.aspx?familyid=f0187b69-3ed9-494c-89f1-90a35e22078c

Windows Server 2003 x64 Edition Service Pack 2, Internet Explorer 7:

http://www.microsoft.com/downloads/details.aspx?familyid=50b8ee2e-31f8-473d-83d1-822c89c28070

Windows Server 2003 with SP2 for Itanium-based Systems, Internet Explorer 7:

http://www.microsoft.com/downloads/details.aspx?familyid=123bf547-9005-451f-9eba-97a68037304e

Windows Vista Service Pack 1 and Windows Vista Service Pack 2, Internet Explorer 7:

http://www.microsoft.com/downloads/details.aspx?familyid=661c9528-917d-4df6-a330-c89f39dc5ce4

Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2, Internet Explorer 7:

http://www.microsoft.com/downloads/details.aspx?familyid=d9f5feb0-fa1a-40c1-9971-9b8af6f0b4a5

Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2, Internet Explorer 7:

http://www.microsoft.com/downloads/details.aspx?familyid=bed14484-7fc5-455d-b996-3192467543cc

Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2, Internet Explorer 7:

http://www.microsoft.com/downloads/details.aspx?familyid=a24554e8-213b-4c24-b062-ec424d64128e

Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2, Internet Explorer 7:

http://www.microsoft.com/downloads/details.aspx?familyid=dee5c0c0-b844-490d-8daf-6e6ec8a39e35

Windows XP Service Pack 2 and Windows XP Service Pack 3, Internet Explorer 8:

http://www.microsoft.com/downloads/details.aspx?familyid=9cff9aba-7743-4c33-87c7-37d06ed60a21

Windows XP Professional x64 Edition Service Pack 2, Internet Explorer 8:

http://www.microsoft.com/downloads/details.aspx?familyid=37cd7533-ddad-4d0d-85c0-1491308e1ff8

Windows Server 2003 Service Pack 2, Internet Explorer 8:

http://www.microsoft.com/downloads/details.aspx?familyid=ebab6101-fcf1-4842-b22d-893a20c1c10f

Windows Server 2003 x64 Edition Service Pack 2, Internet Explorer 8:

http://www.microsoft.com/downloads/details.aspx?familyid=87e13912-f861-4985-ab9d-260a5898dfd4

Windows Vista Service Pack 1 and Windows Vista Service Pack 2, Internet Explorer 8:

http://www.microsoft.com/downloads/details.aspx?familyid=640f9216-3e99-46b6-aac8-cd051eedad3c

Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2, Internet Explorer 8:

http://www.microsoft.com/downloads/details.aspx?familyid=3076d1ea-7716-4b54-8ec4-660374f14dcb

Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2, Internet Explorer 8:

http://www.microsoft.com/downloads/details.aspx?familyid=24ed08c7-a474-4458-8269-3b9de5e22385

Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2, Internet Explorer 8:

http://www.microsoft.com/downloads/details.aspx?familyid=cf84469b-ce6d-45e8-8336-7b4501c6cf91

Windows 7 for 32-bit Systems, Internet Explorer 8:

http://www.microsoft.com/downloads/details.aspx?familyid=5c835885-9375-4882-a92f-4d4cfcacc005

Windows 7 for x64-based Systems, Internet Explorer 8:

http://www.microsoft.com/downloads/details.aspx?familyid=5cfc5776-0c6b-4092-bc98-94df077c60d8

Windows Server 2008 R2 for x64-based Systems, Internet Explorer 8:

http://www.microsoft.com/downloads/details.aspx?familyid=7c4ff5ae-eadd-431e-b982-d5f179efb8c0

Windows Server 2008 R2 for Itanium-based Systems, Internet Explorer 8:

http://www.microsoft.com/downloads/details.aspx?familyid=52c04d85-911f-47be-852e-c9bb4934744d

A restart is required.

[Editor's note: On September 14, 2011, Microsoft reoffered the update for Microsoft Windows 2000 and Windows XP to correct a detection issue. Systems that have already been updated are not affected.]

The Microsoft advisory is available at:

http://www.microsoft.com/technet/security/bulletin/ms10-035.mspx

Vendor URL:  www.microsoft.com/technet/security/bulletin/ms10-035.mspx
Cause:   Access control error
Underlying OS:   Windows (Any)

Message History:   None.


 Source Message Contents

Date:  Tue, 08 Jun 2010 17:07:01 +0000
Subject:  http://www.microsoft.com/technet/security/bulletin/ms10-035.mspx


Microsoft Security Bulletin MS10-035 - Critical: Cumulative Security Update for Internet Explorer (982381)

CVE-2010-1257
CVE-2010-1259
CVE-2010-1260
CVE-2010-1261
CVE-2010-1262

Copyright 2014, SecurityGlobal.net LLC