Welcome guest. Before posting on our computer help forum, you must register. Click here it's easy and free.

« previous next »
Pages: [1]   Go Down

Author Topic: Internet Explorer File Download Handling Memory Corruption - Highly Critical!  (Read 5441 times)

0 Members and 1 Guest are viewing this topic.

Broni

    Topic Starter

    Mastermind
  • Kraków my love :)
    • Thanked: 614
    • Computer Help Forum
  • Computer: Specs
  • Experience: Experienced
  • OS: Windows 8
Internet Explorer File Download Handling Memory Corruption - Highly Critical!
« on: October 09, 2007, 05:00:36 PM »
TITLE:
Internet Explorer File Download Handling Memory Corruption

SECUNIA ADVISORY ID:
SA23469

VERIFY ADVISORY:
http://secunia.com/advisories/23469/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
>From remote

SOFTWARE:
Microsoft Internet Explorer 7.x
http://secunia.com/product/12366/
Microsoft Internet Explorer 6.x
http://secunia.com/product/11/
Microsoft Internet Explorer 5.01
http://secunia.com/product/9/

DESCRIPTION:
Secunia Research has discovered a vulnerability in Internet Explorer,
which can be exploited by malicious people to compromise a user's
system.

The vulnerability is caused due to an error in the file download
queue handling when processing multiple concurrent attempts to start
a file download. This can be exploited via a specially crafted web
page to corrupt memory in a way that results in use of an already
freed object.

Successful exploitation allows execution of arbitrary code.

SOLUTION:
Apply patches.

Windows 2000 SP4 and Internet Explorer 5.01 SP4:
http://www.microsoft.com/downloads/details.aspx?FamilyId=95827F3F-A984-4E34-A949-D16A0614121A
   
Windows 2000 SP4 and Internet Explorer 6 SP1:
http://www.microsoft.com/downloads/details.aspx?FamilyId=DF3BA596-7C5B-4151-9884-6957AA884AAB

Windows XP SP2 and Internet Explorer 6:
http://www.microsoft.com/downloads/details.aspx?FamilyId=513A8320-6D36-4FC9-A38A-867192B55B53

Windows XP Professional x64 Edition (optionally with SP2) and
Internet Explorer 6:
http://www.microsoft.com/downloads/details.aspx?FamilyId=AE8A26D8-1910-4B8C-8A73-6E2FA6B5B29F

Windows Server 2003 SP1/SP2 and Internet Explorer 6:
http://www.microsoft.com/downloads/details.aspx?FamilyId=4AEFAA38-8757-4E6E-8924-57CABD1C2FC3

Windows Server 2003 x64 Edition (optionally with SP2) and Internet
Explorer 6:
http://www.microsoft.com/downloads/details.aspx?FamilyId=88ABA9DD-653B-4CDF-A513-CCA32A7D7E41

Windows Server 2003 with SP1/SP2 for Itanium-based systems and
Internet Explorer 6:
http://www.microsoft.com/downloads/details.aspx?FamilyId=309A8F10-C7EA-4961-A969-092B0C4D7BBC

Windows XP SP2 and Internet Explorer 7:
http://www.microsoft.com/downloads/details.aspx?FamilyId=4CA0AC93-BF51-40FE-A1BA-CB3E0A36D8B5

Windows XP Professional x64 Edition (optionally with SP2) and
Internet Explorer 7:
http://www.microsoft.com/downloads/details.aspx?FamilyId=DBD284D0-2664-42A4-AD16-A0535244C81C

Windows Server 2003 SP1/SP2 and Internet Explorer 7:
http://www.microsoft.com/downloads/details.aspx?FamilyId=0A31C451-32F4-4551-AE45-D600F8B3B11B

Windows Server 2003 x64 Edition (optionally with SP2) and Internet
Explorer 7:
http://www.microsoft.com/downloads/details.aspx?FamilyId=C1915633-D181-4CA1-A4F0-7CA0F865AA72

Windows Server 2003 with SP1/SP2 for Itanium-based systems and
Internet Explorer 7:
http://www.microsoft.com/downloads/details.aspx?FamilyId=093A2250-3BE3-494F-80E0-89CA7217030F

Windows Vista and Internet Explorer 7:
http://www.microsoft.com/downloads/details.aspx?FamilyId=86392E8D-098C-427F-A233-699CDB9375AE

Windows Vista x64 Edition and Internet Explorer 7:
http://www.microsoft.com/downloads/details.aspx?FamilyId=62490E6D-0A21-4A15-90BD-63CA8F8886B6
Logged
Pages: [1]   Go Up
« previous next »