Microsoft Internet Explorer Multiple Vulnerabilities
RISK: High Risk
TYPE: Clients - Browsers
Window Open Race Condition Vulnerability
A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that may have been corrupted due to a race condition. The vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the logged-on user.Event Handlers Information Disclosure Vulnerability
An information disclosure vulnerability exists in Internet Explorer. An attacker could exploit the vulnerability by constructing a specially crafted Web page disguised as legitimate content. An attacker who successfully exploited this vulnerability could view content from another domain or Internet Explorer zone.Telnet Handler Remote Code Execution Vulnerability
A remote code execution vulnerability exists in the way that Internet Explorer uses the telnet URI handler. The handler may be used in such a way that an attacker could execute arbitrary code in the context of the logged-on user.Shift JIS Character Encoding Vulnerability
An information disclosure vulnerability exists in Internet Explorer that could allow script to gain access to information in another domain or Internet Explorer zone. An attacker could exploit the vulnerability by inserting specially crafted strings in to a Web site, resulting in information disclosure when a user viewed the Web site. An attacker who successfully exploited this vulnerability could view content from another domain or Internet Explorer zone.XSLT Memory Corruption Vulnerability
A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. The vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the logged-on user.Style Object Memory Corruption Vulnerability
A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. The vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the logged-on user.Drag and Drop Information Disclosure Vulnerability
An information disclosure vulnerability exists in Internet Explorer. An attacker could exploit the vulnerability by constructing a specially crafted Web page that could allow information disclosure if a user viewed the Web page and performed a drag-and-drop operation. An attacker who successfully exploited this vulnerability could gain access to cookie files stored in the local machine.
Impact
- Remote Code Execution
System / Technologies affected
- Internet Explorer 6
- Internet Explorer 7
- Internet Explorer 8
- Internet Explorer 9
- Windows XP
- Windows Server 2003
- Windows Vista
- Windows Server 2008
- Windows 7
- Windows Server 2008 R2
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
- Download location for patches:
http://www.microsoft.com/technet/security/bulletin/MS11-057.mspx
Vulnerability Identifier
Source
Related Link
Share with