Skip to main content

Microsoft Internet Explorer Multiple Vulnerabilities

Last Update Date: 13 Apr 2011 16:15 Release Date: 13 Apr 2011 5948 Views

RISK: High Risk

TYPE: Clients - Browsers

TYPE: Browsers
  1. Layouts Handling Memory Corruption Vulnerability

    A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

     

  2. MSHTML Memory Corruption Vulnerability

    A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

     

  3. Frame Tag Information Disclosure Vulnerability

    An information disclosure vulnerability exists in Internet Explorer. An attacker could exploit the vulnerability by constructing a specially crafted Web page disguised as legitimate content. The user's actions on the page could allow information disclosure or clickjacking, whereby the user's clicks perform unwanted actions.

     

  4. Javascript Information Disclosure Vulnerability

    An information disclosure vulnerability exists in Internet Explorer that could allow script to gain access to information in another domain or Internet Explorer zone. An attacker could exploit the vulnerability by constructing a specially crafted Web page that could allow information disclosure if a user viewed the Web page. An attacker who successfully exploited this vulnerability could view content from another domain or Internet Explorer zone.

     

  5. Object Management Memory Corruption Vulnerability

    A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Note: The vulnerability was reported being used in scattered attacks.


Impact

  • Remote Code Execution

System / Technologies affected

  • Internet Explorer 6
  • Internet Explorer 7
  • Internet Explorer 8
  • Windows XP
  • Windows Server 2003
  • Windows Vista
  • Windows Server 2008
  • Windows 7

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.


Vulnerability Identifier


Source


Related Link