Microsoft Internet Explorer Bugs Let Remote Users Execute Arbitrary Code, Obtain Information, and Conduct Cross-Site Scripting Attacks - SecurityTracker

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

Home | View Topics | Search | Contact Us |

SecurityTracker
Archives

Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Category: Application (Web Browser) > Microsoft Internet Explorer (IE)

Vendors: Microsoft

Microsoft Internet Explorer Bugs Let Remote Users Execute Arbitrary Code, Obtain Information, and Conduct Cross-Site Scripting Attacks

SecurityTracker Alert ID: 1024546

SecurityTracker URL: http://securitytracker.com/id/1024546

CVE Reference: CVE-2010-0808, CVE-2010-3243, CVE-2010-3324, CVE-2010-3325, CVE-2010-3326, CVE-2010-3327, CVE-2010-3328, CVE-2010-3329, CVE-2010-3330, CVE-2010-3331 (Links to External Site)

Date: Oct 12 2010

Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network

Fix Available: Yes Vendor Confirmed: Yes

Version(s): 6, 7, 8

Description: Several vulnerabilities were reported in Microsoft Internet Explorer. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can obtain potentially sensitive information. A remote user can conduct cross-site scripting attacks.

A remote user can create a specially crafted HTML that, when loaded by the target user, will obtain information previously entered using the AutoComplete feature [CVE-2010-0808].

A remote user can exploit a flaw in the toStaticHTML API to cause arbitrary scripting code to be executed by the target user's browser [CVE-2010-3243, CVE-2010-3324]. The code will be able to access the target user's cookies (including authentication cookies), if any, associated with an arbitrary site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.

Specially crafted CSS characters can be used to obtain potentially sensitive information from the target user's system [CVE-2010-3325].

When copying and pasting, the software may fail to remove an Anchor element [CVE-2010-3327]. As a result, a remote user may be able to obtain potentially sensitive information from the target user's system.

A specially crafted script can obtain information from a different zone on the target user's system [CVE-2010-3330].

A remote user can create a specially crafted HTML that, when loaded by the target user, will trigger a memory corruption error and execute arbitrary code on the target system [CVE-2010-3326, CVE-2010-3328, CVE-2010-3329, CVE-2010-3331]. The code will run with the privileges of the target user.

Sirdarckcat of Google Inc., Mario Heiderich, Takehiro Takahashi of IBM ISS X-Force, Peter Vreugdenhil via TippingPoint's Zero Day Initiative, Damián Frizza of Core Security Technologies, Aldwin Saugere and Radoslav Vasilev of Cigital, and Rodrigo Rubira Branco of Check Point IPS Research Center reported these vulnerabilities.

Impact: A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system.

A remote user can access the target user's cookies (including authentication cookies), if any, associated with an arbitrary site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.

A remote user can obtain potentially sensitive information.

Solution: The vendor has issued the following fixes:

Windows XP Service Pack 3, Internet Explorer 6:

http://www.microsoft.com/downloads/details.aspx?familyid=3b029696-cf98-4935-b3d6-846110aaa4bb

Windows XP Professional x64 Edition Service Pack 2, Internet Explorer 6:

http://www.microsoft.com/downloads/details.aspx?familyid=d494535a-b68e-4242-af85-5fa62f631ffc

Windows Server 2003 Service Pack 2, Internet Explorer 6:

http://www.microsoft.com/downloads/details.aspx?familyid=f64af3cd-591d-4212-94a0-3bc9a4d9782a

Windows Server 2003 x64 Edition Service Pack 2, Internet Explorer 6:

http://www.microsoft.com/downloads/details.aspx?familyid=12c3b950-b955-4820-9b4c-5206deb0cd3e

Windows Server 2003 with SP2 for Itanium-based Systems, Internet Explorer 6:

http://www.microsoft.com/downloads/details.aspx?familyid=97b3f6dc-8df5-4c93-aaee-f191498c7ce4

Windows XP Service Pack 3, Internet Explorer 7:

http://www.microsoft.com/downloads/details.aspx?familyid=c77ee103-7e97-44b2-bbf3-ee9f0de37fed

Windows XP Professional x64 Edition Service Pack 2, Internet Explorer 7:

http://www.microsoft.com/downloads/details.aspx?familyid=ff9c65fe-437c-426d-9096-dd89ff7927fd

Windows Server 2003 Service Pack 2, Internet Explorer 7:

http://www.microsoft.com/downloads/details.aspx?familyid=fbcf0e65-c9f4-47f8-b4fc-ae46a66ab339

Windows Server 2003 x64 Edition Service Pack 2, Internet Explorer 7:

http://www.microsoft.com/downloads/details.aspx?familyid=59a715a5-10ff-40e6-88e0-096c9b640799

Windows Server 2003 with SP2 for Itanium-based Systems, Internet Explorer 7:

http://www.microsoft.com/downloads/details.aspx?familyid=ba194be9-24f9-4c62-9aa9-9e98c81ddba1

Windows Vista Service Pack 1 and Windows Vista Service Pack 2, Internet Explorer 7:

http://www.microsoft.com/downloads/details.aspx?familyid=4f656d16-2a7e-4d18-8a5a-ebf8a1a10e2b

Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2, Internet Explorer 7:

http://www.microsoft.com/downloads/details.aspx?familyid=02c6260c-8e21-401a-992d-884c6ff7141d

Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2, Internet Explorer 7:

http://www.microsoft.com/downloads/details.aspx?familyid=0107dd61-7b3e-4fcf-9743-d9ae594b2278

Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2, Internet Explorer 7:

http://www.microsoft.com/downloads/details.aspx?familyid=139f3bb2-eefc-4cf4-9c15-de78f5a736c1

Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2, Internet Explorer 7:

http://www.microsoft.com/downloads/details.aspx?familyid=1a971fb2-7dc4-43bf-ae25-3a420bb1acf9

Windows XP Service Pack 3, Internet Explorer 8:

http://www.microsoft.com/downloads/details.aspx?familyid=93580299-d764-417f-a7fa-ee441fea2bb3

Windows XP Professional x64 Edition Service Pack 2, Internet Explorer 8:

http://www.microsoft.com/downloads/details.aspx?familyid=05413f6c-b4be-4892-b4b3-c54dd01fd95d

Windows Server 2003 Service Pack 2, Internet Explorer 8:

http://www.microsoft.com/downloads/details.aspx?familyid=9af37f62-5585-4ff5-9dd3-3fa0b148ae08

Windows Server 2003 x64 Edition Service Pack 2, Internet Explorer 8:

http://www.microsoft.com/downloads/details.aspx?familyid=c8052f0c-e62c-46c4-bb59-d515fa388ea8

Windows Vista Service Pack 1 and Windows Vista Service Pack 2, Internet Explorer 8:

http://www.microsoft.com/downloads/details.aspx?familyid=191c8388-f1ef-45b6-9f07-d5654a973abe

Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2, Internet Explorer 8:

http://www.microsoft.com/downloads/details.aspx?familyid=adeb3036-62fa-4a29-b82f-ff4a50c05996

Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2, Internet Explorer 8:

http://www.microsoft.com/downloads/details.aspx?familyid=ea5b7c86-3878-43a9-a4bc-12e04bfbd06e

Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2, Internet Explorer 8:

http://www.microsoft.com/downloads/details.aspx?familyid=71ecdb27-46aa-4db1-b86a-3268cda88632

Windows 7 for 32-bit Systems, Internet Explorer 8:

http://www.microsoft.com/downloads/details.aspx?familyid=6595770f-e580-4613-a83a-3b8ee4cc30f1

Windows 7 for x64-based Systems, Internet Explorer 8:

http://www.microsoft.com/downloads/details.aspx?familyid=ffe364ee-e2ae-466c-b727-14b1a976a860

Windows Server 2008 R2 for x64-based Systems, Internet Explorer 8:

http://www.microsoft.com/downloads/details.aspx?familyid=d8b563ce-5db1-4490-8a63-44833d55152b

Windows Server 2008 R2 for Itanium-based Systems, Internet Explorer 8:

http://www.microsoft.com/downloads/details.aspx?familyid=bbaa9f46-8fc7-4c44-b38c-dc3d5210f63d

A restart is required.

The Microsoft advisory is available at:

http://www.microsoft.com/technet/security/bulletin/ms10-071.mspx

Vendor URL: www.microsoft.com/technet/security/bulletin/ms10-071.mspx (Links to External Site)

Cause: Access control error, Input validation error

Underlying OS: Windows (Any)

Message History: None.

Source Message Contents

Date: Tue, 12 Oct 2010 17:40:52 +0000
Subject: http://www.microsoft.com/technet/security/bulletin/ms10-071.mspx


Microsoft Security Bulletin MS10-071 - Critical: Cumulative Security Update for Internet Explorer (2360131)

CVE-2010-0808
CVE-2010-3243
CVE-2010-3324
CVE-2010-3325
CVE-2010-3326
CVE-2010-3327
CVE-2010-3328
CVE-2010-3329
CVE-2010-3330
CVE-2010-3331

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us
Copyright 2013, SecurityGlobal.net LLC