Microsoft Internet Explorer Multiple Vulnerabilities - Secunia Advisories - Vulnerability Intelligence

Microsoft Internet Explorer Multiple Vulnerabilities
Secunia Advisory:	SA28903	Advisory Toolbox: Issue ticket Save in to-do list Mark as handled Exploit information Download as PDF Review actions Add comment
Release Date:	2008-02-12
Last Update:	2008-02-14
Popularity:	12,913 views

Critical:	Highly critical
Impact:	System access
Where:	From remote
Solution Status:	Vendor Patch

Software:	Microsoft Internet Explorer 5.01 Microsoft Internet Explorer 6.x Microsoft Internet Explorer 7.x

Binary Analysis:	BA404 :: Available for 1 Credit BA413 :: Available for 1 Credit

Subscribe:	Instant alerts on relevant vulnerabilities

CVE reference:	CVE-2008-0076 CVE-2008-0077 CVE-2008-0078

Description: Some vulnerabilities have been reported in Internet Explorer, which can be exploited by malicious people to compromise a user's system. 1) An error in the way HTML with certain layout combinations is interpreted can be exploited to corrupt memory via a specially crafted web page. 2) An error in the way the "by" property of an "animateMotion" SVG element is handled can be exploited to corrupt memory via a specially crafted web page assigning other DOM elements to the property. 3) An error in the argument validation when processing images can be exploited to corrupt memory via a specially crafted web page. Successful exploitation of the vulnerabilities may allow execution of arbitrary code. Solution: Apply patches. Windows 2000 SP4 and Internet Explorer 5.01 SP4: http://www.microsoft.com/downloads/de...=1032A039-468B-4C5F-8C1C-5E54C2832E41 Windows 2000 SP4 and Internet Explorer 6 SP1: http://www.microsoft.com/downloads/de...=87E66DCE-5060-4814-8754-829B4E190359 Windows XP SP2 and Internet Explorer 6: http://www.microsoft.com/downloads/de...=BB2AA3CB-021F-4890-AB20-2A51F8E17554 Windows XP Professional x64 Edition (optionally with SP2) and Internet Explorer 6: http://www.microsoft.com/downloads/de...=8989F576-8B30-4866-90EC-929D24F3B409 Windows Server 2003 SP1/SP2 and Internet Explorer 6: http://www.microsoft.com/downloads/de...=429B7ED1-FE78-459A-B834-D0F3C69CB703 Windows Server 2003 x64 Edition (optionally with SP2) and Internet Explorer 6: http://www.microsoft.com/downloads/de...=E989E23C-38BB-4FE7-A830-D7BDF7659392 Windows Server 2003 with SP1/SP2 for Itanium-based systems and Internet Explorer 6: http://www.microsoft.com/downloads/de...=5A097F7A-B696-48D0-B13F-337C5FD14E24 Windows XP SP2 and Internet Explorer 7: http://www.microsoft.com/downloads/de...=D4AA293A-6332-4C6C-B128-876F516BD030 Windows XP Professional x64 Edition (optionally with SP2) and Internet Explorer 7: http://www.microsoft.com/downloads/de...=B72AF1B6-6E23-4005-AEF6-82195B380153 Windows Server 2003 SP1/SP2 and Internet Explorer 7: http://www.microsoft.com/downloads/de...=B2AA6562-881E-4FD6-BE1B-53426A0FF4A9 Windows Server 2003 x64 Edition (optionally with SP2) and Internet Explorer 7: http://www.microsoft.com/downloads/de...=4BB99AFC-BE14-4F2E-9570-B7FE09E39131 Windows Server 2003 with SP1/SP2 for Itanium-based systems and Internet Explorer 7: http://www.microsoft.com/downloads/de...=6FA80E2C-5E91-4B33-ACD9-33F156660AE7 Windows Vista and Internet Explorer 7: http://www.microsoft.com/downloads/de...=0DE25B98-F443-4874-A06F-4DAAE14C16B0 Windows Vista x64 Edition and Internet Explorer 7: http://www.microsoft.com/downloads/de...=C08EBBE7-639B-4EA2-8304-FAB531930ABF Provided and/or discovered by: 1) The vendor credits Shane Macaulay and Riley Hassell, Security Objectives. 2) Reported independently by: * an anonymous person via ZDI * hyy via iDefense 3) The vendor credits Venustech of ADLABS. Changelog: 2008-02-13: Added additional information from ZDI and iDefense. 2008-02-14: Added link to US-CERT. Original Advisory: MS08-010 (KB944533): http://www.microsoft.com/technet/security/Bulletin/MS08-010.mspx ZDI: http://www.zerodayinitiative.com/advisories/ZDI-08-006.html iDefense: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=661 Other References: US-CERT VU#228569: http://www.kb.cert.org/vuls/id/228569

Track this Secunia Advisory
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released. Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.

About this Secunia Advisory
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise. Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.

Latest Advisories

Today

New advisories:	1
New vulnerabilities:	1
Updated advisories:	1

Moderately // 52 views

ClamAV "cli_check_jpeg_expl oit()" Denial of Service Vulnerability

1st Dec, 2008

New advisories:	33
New vulnerabilities:	55
Updated advisories:	56

Moderately // 333 views

RakhiSoftware Shopping Cart Multiple Vulnerabilities

Moderately // 327 views

Lito Lite CMS "cid" SQL Injection Vulnerability

Moderately // 358 views

Basic PHP CMS "id" SQL Injection Vulnerability

Less // 608 views

Microsoft Office Communications Server SIP INVITE Denial of Service

Moderately // 323 views

Bluo CMS "id" SQL Injection Vulnerability

Moderately // 343 views

Active eWebquiz "useremail" and "password" SQL Injection Vulnerabilities

Highly // 341 views

Minimal Ablog Multiple Vulnerabilities

Moderately // 344 views

Active Newsletter "email" and "password" SQL Injection Vulnerabilities

Moderately // 332 views

Ocean12 FAQ Manager Pro "ID" SQL Injection Vulnerability

Solutions | More...

Send Feedback to Secunia
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com. Ideas, suggestions, and other feedback are most welcome.