SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Web Browser)  >   Microsoft Internet Explorer Vendors:   Microsoft
Microsoft Internet Explorer Use-After-Free in 'mshtml.dll' May Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1024940
SecurityTracker URL:  http://securitytracker.com/id/1024940
CVE Reference:   CVE-2011-0346   (Links to External Site)
Updated:  Apr 12 2011
Original Entry Date:  Jan 7 2011
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 8
Description:   A vulnerability was reported in Microsoft Internet Explorer. A remote user can cause arbitrary code to be executed on the target user's system.

A remote user can create specially crafted HTML that, when loaded by the target user, will access previously freed memory and execute arbitrary code on the target system. The code will run with the privileges of the target user.

The vendor was notified in July 2010.

The original advisory is available at:

http://lcamtuf.blogspot.com/2011/01/announcing-crossfuzz-potential-0-day-in.html

Michal Zalewski reported this vulnerability.

Impact:   A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution:   The vendor has issued the following fixes (as part of a cumulative update):

Windows XP Service Pack 3, Internet Explorer 6:

http://www.microsoft.com/downloads/details.aspx?familyid=c3a8cec0-f947-4d4e-a6ae-c7f4f1f311b0

Windows XP Professional x64 Edition Service Pack 2, Internet Explorer 6:

http://www.microsoft.com/downloads/details.aspx?familyid=986f07ae-0fdc-4be2-8a74-5eb56d4300ef

Windows Server 2003 Service Pack 2, Internet Explorer 6:

http://www.microsoft.com/downloads/details.aspx?familyid=b902c58a-9e2f-4352-8d2f-fffda5344598

Windows Server 2003 x64 Edition Service Pack 2, Internet Explorer 6:

http://www.microsoft.com/downloads/details.aspx?familyid=5d8f14d1-85cc-478f-8b50-5c355a331f59

Windows Server 2003 with SP2 for Itanium-based Systems, Internet Explorer 6:

http://www.microsoft.com/downloads/details.aspx?familyid=8afe86fc-58b4-4a95-b047-c09138fa4f5e

Windows XP Service Pack 3, Internet Explorer 7:

http://www.microsoft.com/downloads/details.aspx?familyid=0b7d0403-8965-4c62-970c-20b561f66713

Windows XP Professional x64 Edition Service Pack 2, Internet Explorer 7:

http://www.microsoft.com/downloads/details.aspx?familyid=ed88f183-dd06-46f6-ae8a-a594a752f248

Windows Server 2003 Service Pack 2, Internet Explorer 7:

http://www.microsoft.com/downloads/details.aspx?familyid=5c464287-3dab-4342-a38d-a12719d3b158

Windows Server 2003 x64 Edition Service Pack 2, Internet Explorer 7:

http://www.microsoft.com/downloads/details.aspx?familyid=9d8bbea9-c456-4569-ad96-c2cd0f5fae7e

Windows Server 2003 with SP2 for Itanium-based Systems, Internet Explorer 7:

http://www.microsoft.com/downloads/details.aspx?familyid=f1abfb48-3c8a-4b2d-b739-cc61628b387d

Windows Vista Service Pack 1 and Windows Vista Service Pack 2, Internet Explorer 7:

http://www.microsoft.com/downloads/details.aspx?familyid=00c3c176-feff-4022-ac4c-2d4732ca3d78

Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2, Internet Explorer 7:

http://www.microsoft.com/downloads/details.aspx?familyid=79f52733-44e4-47b6-86ca-1395a095b4e7

Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2, Internet Explorer 7:

http://www.microsoft.com/downloads/details.aspx?familyid=7d8603b8-bb52-4cf6-be8b-bb3475d30fc5

Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2, Internet Explorer 7:

http://www.microsoft.com/downloads/details.aspx?familyid=c6d58f64-bdd5-4fe6-96f4-9641b8e7b570

Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2, Internet Explorer 7:

http://www.microsoft.com/downloads/details.aspx?familyid=f6f6f22c-fc7f-4e96-b6b5-be3c1acecf6e

Windows XP Service Pack 3, Internet Explorer 8:

http://www.microsoft.com/downloads/details.aspx?familyid=689c5496-56c4-48a6-9f3d-b5f5aaf3e566

Windows XP Professional x64 Edition Service Pack 2, Internet Explorer 8:

http://www.microsoft.com/downloads/details.aspx?familyid=6d3433ee-c2e1-433f-a3d9-c049d66e2190

Windows Server 2003 Service Pack 2, Internet Explorer 8:

http://www.microsoft.com/downloads/details.aspx?familyid=45feb35b-b24e-4160-adb0-d0b7ae530e90

Windows Server 2003 x64 Edition Service Pack 2, Internet Explorer 8:

http://www.microsoft.com/downloads/details.aspx?familyid=979d2ec5-5114-4ec7-aa97-e9289c590cbb

Windows Vista Service Pack 1 and Windows Vista Service Pack 2, Internet Explorer 8:

http://www.microsoft.com/downloads/details.aspx?familyid=5ea94705-4f76-4b0d-bbbc-afb5e75204bf

Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2, Internet Explorer 8:

http://www.microsoft.com/downloads/details.aspx?familyid=bc63b233-9db0-4fb1-a61c-fa7e9e44ba10

Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2, Internet Explorer 8:

http://www.microsoft.com/downloads/details.aspx?familyid=d5d76e90-1cef-47e8-9d8d-2c5a43f42ba3

Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2, Internet Explorer 8:

http://www.microsoft.com/downloads/details.aspx?familyid=51203a31-368b-4b47-96a5-9e9e5a55cd76

Windows 7 for 32-bit Systems and Windows 7 for 32-bit Systems Service Pack 1, Internet Explorer 8:

http://www.microsoft.com/downloads/details.aspx?familyid=59676b71-8b9d-4230-a9e0-b20db3e3ec7e

Windows 7 for x64-based Systems and Windows 7 for x64-based Systems Service Pack 1, Internet Explorer 8:

http://www.microsoft.com/downloads/details.aspx?familyid=3a998678-2678-489e-8711-39322663147d

Windows Server 2008 R2 for x64-based Systems and Windows Server 2008 R2 for x64-based Systems Service Pack 1, Internet Explorer 8:

http://www.microsoft.com/downloads/details.aspx?familyid=c7b2482b-44bf-4c01-99d8-f93868659a24

Windows Server 2008 R2 for Itanium-based Systems and Windows Server 2008 R2 for Itanium-based Systems Service Pack 1, Internet Explorer 8:

http://www.microsoft.com/downloads/details.aspx?familyid=af6db318-fbec-4286-a3a7-4081620146e5

A restart is required.

The Microsoft advisory is available at:

http://www.microsoft.com/technet/security/bulletin/ms11-018.mspx

Vendor URL:  www.microsoft.com/technet/security/bulletin/ms11-018.mspx (Links to External Site)
Cause:   Access control error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC