Security Internet Explorer Data Stream Handling Vulnerability

PHP Web Host - Quality Web Hosting For All PHP Applications

• Home • Downloads • Your Account • Forums •

Site Navigation

Home:

Donate o Meter

Help Keep Our Servers Online AND Our Services Free!

Donat-o-Meter Stats
October´s Goal:	$300.00
Due Date:	Oct 31
Net Balance:	$67.37
Left to go:	$232.63

Donations
Doulos Oct-10
Mars Oct-3

Please Link To Me!

Services Available

Quality PHP Web Host!

Great Reviews!

Need help setting up your website, installing Apache, PHP, MySQL, or PhpNuke?

Need help customizing or designing scripts?

Please contact me via the Contact Us option for further details and pricing.

Link to Me

There are more Link To Me icons here.

Site Info v2.2.2 ©

Verse of the Day

Internet Explorer Data Stream Handling Vulnerability

SECUNIA ADVISORY ID: SA27707

VERIFY ADVISORY: http://secunia.com/advisories/27707/

CRITICAL: Highly critical

IMPACT: System access

SOFTWARE:
Microsoft Internet Explorer 6.x http://secunia.com/product/11/
Microsoft Internet Explorer 7.x http://secunia.com/product/12366/
Microsoft Internet Explorer 5.01 http://secunia.com/product/9/

DESCRIPTION: Secunia Research has discovered a vulnerability in Internet Explorer, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an error when processing data streams and can be exploited to trigger a use-after-free condition by returning a specially crafted data stream of e.g. an unexpected MIME-type for which no handler is registered. Successful exploitation allows execution of arbitrary code when a user visits a malicious website.

SOLUTION: Apply patches.
Windows 2000 SP4 with Internet Explorer 5.01 SP4: http://www.microsoft.com/downloads/details.aspx?FamilyId=B051AE04-FE81-440D-9136-D6B239CA954E
Windows 2000 SP4 with Internet Explorer 6 SP1: http://www.microsoft.com/downloads/details.aspx?FamilyId=75D2DC78-E3A4-4FF6-9E2D-BF1935003E8E
Windows XP SP2 with Internet Explorer 6: http://www.microsoft.com/downloads/details.aspx?FamilyId=36C641AD-953F-4B09-BA1C-9C383295E180
Windows XP Professional x64 Edition (optionally with SP2) and Internet Explorer 6: http://www.microsoft.com/downloads/details.aspx?FamilyId=85BEACC0-8CA2-4DED-9C24-23348D05C735
Windows Server 2003 SP1/SP2 with Internet Explorer 6: http://www.microsoft.com/downloads/details.aspx?FamilyId=0444B76E-93FA-43C2-B1BC-A5C054529EB5
Windows Server 2003 x64 Edition (optionally with SP1) and Internet Explorer 6: http://www.microsoft.com/downloads/details.aspx?FamilyId=5EBB5EF9-615F-4CAB-BAC5-6F45F1B94952
Windows Server 2003 with SP1/SP2 for Itanium-based systems and Internet Explorer 6: http://www.microsoft.com/downloads/details.aspx?FamilyId=63DA8040-FDA2-42C7-8543-26AD6F9811F2
Windows XP SP2 with Internet Explorer 7: http://www.microsoft.com/downloads/details.aspx?FamilyId=E771EFE8-8881-4F23-B5B0-15651A390BA9
Windows XP Professional x64 Edition (optionally with SP2) and Internet Explorer 7: http://www.microsoft.com/downloads/details.aspx?FamilyId=9364BF81-6505-4788-958D-A4BD29DC98AD
Windows Server 2003 SP1/SP2 with Internet Explorer 7: http://www.microsoft.com/downloads/details.aspx?FamilyId=9ACD2A03-5530-49C8-9EA1-0BFAF259700D
Windows Server 2003 x64 Edition (optionally with SP2) and Internet Explorer 7: http://www.microsoft.com/downloads/details.aspx?FamilyId=A9E406AA-33E2-49B8-AB54-4A7328E46147
Windows Server 2003 with SP1/SP2 for Itanium-based systems and Internet Explorer 7: http://www.microsoft.com/downloads/details.aspx?FamilyId=75A05D3A-92A0-4A00-95D4-E2B2F6755180
Windows Vista (optionally with SP1) and Internet Explorer 7: http://www.microsoft.com/downloads/details.aspx?FamilyId=D4E24966-6530-463A-9EE2-F6A9D000F998
Windows Vista x64 Edition (optionally with SP1) and Internet Explorer 7: http://www.microsoft.com/downloads/details.aspx?FamilyId=295CF8F2-265E-4570-B708-21033337FE05
Windows Server 2008 for 32-bit Systems and Internet Explorer 7: http://www.microsoft.com/downloads/details.aspx?FamilyId=E57B4D94-19AD-4818-8311-A3F94BE01A4B
Windows Server 2008 for x64-based Systems and Internet Explorer 7: http://www.microsoft.com/downloads/details.aspx?FamilyId=93E9F52A-C7D0-4033-9C12-740665A219AF
Windows Server 2008 for Itanium-based Systems and Internet Explorer 7: http://www.microsoft.com/downloads/details.aspx?FamilyId=ACF948E8-C4A9-40DA-B282-F5E584E77B05

PROVIDED AND/OR DISCOVERED BY: Carsten Eiram, Secunia Research.

ORIGINAL ADVISORY:
Secunia Research: http://secunia.com/secunia_research/2007-100/
MS08-024 (KB947864): http://www.microsoft.com/technet/security/Bulletin/MS08-024.mspx

Posted on Tuesday, April 08, 2008 @ 19:27:38 EDT by Raven

Related Links

· More about Security
· News by Raven

Most read story about Security:
PHP-Nuke *eid* SQL Injection Vulnerability

Article Rating

Average Score: 0
Votes: 0

Options

Printer Friendly Page

Send to a Friend

All logos and trademarks in this site are property of their respective owner.
The comments are property of their posters, all the rest © 2002-2008 by Raven
Proud to be listed at Lobo Links Web Directory

You can syndicate our news using the file

Website engines core code is © copyright by PHP-Nuke but has been heavily patched and modified by myself and others.
PHP-Nuke is a free software released under the GNU/GPL.

:: fisubice phpbb2 style by Daz :: PHP-Nuke theme by www.nukemods.com ::
:: fisubice Theme Recoded To 100% W3C CSS & HTML 4.01 Transitional Compliance by Raven and 64bitguy ::
::