TITLE: Internet Explorer Multiple Vulnerabilities

SECUNIA ADVISORY ID: SA21396

VERIFY ADVISORY: http://secunia.com/advisories/21396/

CRITICAL: Highly critical

IMPACT: Exposure of sensitive information, System access

WHERE: >From remote

SOFTWARE:
Microsoft Internet Explorer 6.x -- http://secunia.com/product/11/
Microsoft Internet Explorer 5.01 -- http://secunia.com/product/9/

DESCRIPTION: Multiple vulnerabilities have been reported in Internet Explorer, which can be exploited by malicious people to gain knowledge of certain information or compromise a user's system.

1) An error in the interpretation of HTML with certain layout positioning combinations can be exploited to corrupt memory and execute arbitrary code via a specially crafted web page.

2) An error in the way chained Cascading Style Sheets (CSS) are handled can be exploited to corrupt memory and execute arbitrary code via a specially crafted web page.

3) Another error in the HTML rendering can be exploited to corrupt memory and execute arbitrary code via a specially crafted web page.

4) Errors in the way Internet Explorer instantiates COM objects not intended to be instantiated in the browser can be exploited to execute arbitrary code via a specially crafted web page.

5) An error in the way the origin of a script is determined can be exploited to run a script in another domain or security zone than intended via a specially crafted web page.

6) Script may persist across navigations making it possible to use the script to access the window location of a web page in another domain or security zone.

ORIGINAL ADVISORY: MS06-042 (KB918899): http://www.microsoft.com/technet/security/Bulletin/MS06-042.mspx

SOLUTION: Apply patches. (Read more)

Internet Explorer 5.01 SP4 on Windows 2000 SP4:
http://www.microsoft.com/downloads/details.aspx?FamilyId=0DE3F143-19A6-4F22-B53B-B6A7DA33DAF4

Internet Explorer 6 SP1 on Windows 2000 SP4 or Windows XP SP1:
http://www.microsoft.com/downloads/details.aspx?FamilyId=B5F17679-3AA5-4D66-A81E-F990FD0B48D2

Internet Explorer 6 for Windows XP SP2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=CDB85BCA-0C17-44AA-B74E-F01B5392BB31

Internet Explorer 6 for Windows Server 2003 (optionally with SP1):
http://www.microsoft.com/downloads/details.aspx?FamilyId=20288DA2-A308-45C6-BD80-C68C997529BD

Internet Explorer 6 for Windows Server 2003 for Itanium-based systems (optionally with SP1):
http://www.microsoft.com/downloads/details.aspx?FamilyId=663F1E83-BDC0-4EC6-A263-398E7222C9B5

Internet Explorer 6 for Windows Server 2003 x64 Edition:
http://www.microsoft.com/downloads/details.aspx?FamilyId=5C2A23AC-3F2E-4BEC-BE16-4B45B44C6346

Internet Explorer 6 for Windows XP Professional x64 Edition:
http://www.microsoft.com/downloads/details.aspx?FamilyId=0CE7F66D-4D83-4090-A034-9BBE286D96FA

PROVIDED AND/OR DISCOVERED BY:
1) The vendor credits Sam Thomas.
2) The vendor credits Sam Thomas.
3) Reported by the vendor.
4) The vendor credits:
* Cody Pierce, TippingPoint Security Research Team.
* Will Dormann, CERT/CC.
5) Reported by the vendor.
6) Reported by the vendor.