Skip to main content

Microsoft Internet Explorer Multiple Vulnerabilities( 15 April 2009 )

Last Update Date: 28 Jan 2011 Release Date: 15 Apr 2009 5290 Views

RISK: Medium Risk

1. Blended Threat Remote Code Execution Vulnerability

A blended threat remote code execution vulnerability exists in the way that Internet Explorer locates and opens files on the system. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

2. WinINet Credential Reflection Vulnerability

A remote code execution vulnerability exists in the way that WinINet handles NTLM credentials when a user connects to an attacker's server by way of the HTTP protocol. This vulnerability allows an attacker to replay the user's credentials back to the attacker and to execute code in the context of the logged-on user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

3. Page Transition Memory Corruption Vulnerability

A remote code execution vulnerability exists in the way Internet Explorer handles transition when navigating between Web pages. As a result, system memory may be corrupted in such a way that an attacker could execute arbitrary code if a user visited a specially crafted Web site. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

4. Uninitialized Memory Corruption Vulnerability

A remote code execution vulnerability exists in the way Internet Explorer accesses an object that has not been correctly initialized or has been deleted. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

5. Uninitialized Memory Corruption Vulnerability

A remote code execution vulnerability exists in the way Internet Explorer accesses an object that has not been correctly initialized or has been deleted. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

6. Uninitialized Memory Corruption Vulnerability

A remote code execution vulnerability exists in the way Internet Explorer accesses an object that has not been initialized or has been deleted. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user.


Impact

  • Remote Code Execution

System / Technologies affected

  • Microsoft Internet Explorer 5.01
  • Microsoft Internet Explorer 6
  • Windows Internet Explorer 7
  • Microsoft Windows 2000
  • Windows XP
  • Windows Server 2003
  • Windows Vista
  • Windows Server 2008

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

Download locations for this patch


Vulnerability Identifier


Source


Related Link