SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Web Browser)  >   Microsoft Internet Explorer Vendors:   Microsoft
(Vendor Issues Fix) Microsoft Internet Explorer (IE) Lets Remote Users Cause HTA Files to Be Executed
SecurityTracker Alert ID:  1015800
SecurityTracker URL:  http://securitytracker.com/id/1015800
CVE Reference:   CVE-2006-1388   (Links to External Site)
Updated:  Apr 11 2006
Original Entry Date:  Mar 22 2006
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 5.01 SP4, 6 SP1; and prior service packs
Description:   A vulnerability was reported in Microsoft Internet Explorer (IE). A remote user can cause arbitrary code to be executed on the target user's system.

A remote user can create HTML that, when loaded by the target user, will execute an HTA file on the target user's system.

Jeffrey Vanderstad reported this vulnerability.

Impact:   A remote user can cause arbitrary code to be executed on the target user's system.
Solution:   The vendor has issued the following fixes as part of a cumulative update:

Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4:

http://www.microsoft.com/downloads/details.aspx?FamilyId=594E7B87-AF8F-4346-9164-596E3E5C22B1

Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4 or on Microsoft Windows XP Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?FamilyId=033C41E1-2B36-4696-987A-099FC57E0129

Internet Explorer 6 for Microsoft Windows XP Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?FamilyId=F05FFB31-E6B4-4771-81F1-4ACCEBF72133

Internet Explorer 6 for Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?FamilyId=EE566871-D217-41D3-BECC-B27FAFA00054

Internet Explorer 6 for Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems:

http://www.microsoft.com/downloads/details.aspx?FamilyId=E584957C-0ABE-4129-ABAF-AA2852AD62A3

Internet Explorer 6 for Microsoft Windows Server 2003 x64 Edition:

http://www.microsoft.com/downloads/details.aspx?FamilyId=5A1C8BE3-39EE-4937-9BD1-280FC35125C6

Internet Explorer 6 for Microsoft Windows XP Professional x64 Edition:

http://www.microsoft.com/downloads/details.aspx?FamilyId=C278FE3E-620A-4BBC-868B-CA2D9EFF7AC3

A restart is required.

The vendor's advisory is available at:

http://www.microsoft.com/technet/security/bulletin/ms06-013.mspx

Vendor URL:  www.microsoft.com/technet/security/bulletin/ms06-013.mspx (Links to External Site)
Cause:   State error
Underlying OS:  Windows (98), Windows (2000), Windows (2003), Windows (XP)
Underlying OS Comments:  2000 SP4, XP SP2, 2003 SP1; and prior service packs

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC