Skip to main content

Microsoft Internet Explorer Multiple Vulnerabilities ( 22 January 2010 )

Last Update Date: 28 Jan 2011 Release Date: 22 Jan 2010 5273 Views

RISK: Medium Risk

1. XSS Filter Script Handling Vulnerability

An XSS filter bypass vulnerability exists in the way that Internet Explorer 8 disables an HTML attribute in otherwise appropriately filtered HTTP response data. The vulnerability could allow initially disabled scripts to run in the wrong security context, leading to information disclosure.

2. URL Validation Vulnerability

A remote code execution vulnerability exists in the way that Internet Explorer incorrectly validates input. An attacker could exploit the vulnerability by constructing a specially crafted URL. When a user clicks the URL, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

3. Uninitialized Memory Corruption Vulnerability

A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

4. HTML Object Memory Corruption Vulnerability

A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.


Impact

  • Remote Code Execution

System / Technologies affected

  • Microsoft Windows 2000
  • Windows XP
  • Windows Server 2003
  • Windows Vista
  • Windows Server 2008
  • Windows 7
  • Internet Explorer 5.01
  • Internet Explorer 6
  • Internet Explorer 7
  • Internet Explorer 8

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

Download locations for this patch


Vulnerability Identifier


Source


Related Link