Alert: Microsoft Security Bulletin MS03-048 - Cumulative Security Update for Internet Explorer (824145)
From: Russ (Russ.Cooper_at_RC.ON.CA)
Date: 11/11/03
- Previous message: Russ: "MajorRev: Microsoft Security Bulletin MS02-050 - Certificate Validation Flaw Could Enable Identity Spoofing (Q329115)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 11 Nov 2003 15:56:18 -0500 To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
Microsoft Security Bulletin MS03-048:
Cumulative Security Update for Internet Explorer (824145)
Bulletin URL:
http://www.microsoft.com/technet/security/bulletin/MS03-048.asp
Summary:
Version Number: V1.0
Revision Date: 11-11-2003
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Patch(es) Replaced: This update replaces the one that is provided in
Microsoft Security Bulletin MS03-040, which is itself a cumulative
update.
Caveats: None
CVE Number(s):
CAN-2003-0814,CAN-2003-0815,CAN-2003-0816,CAN-2003-0817,CAN-2003-0823
Tested Software:
Affected Software:
* Microsoft Windows 98
* Microsoft Windows Millennium Edition
* Microsoft Windows NT Server 4.0 Service Pack 6a
* Microsoft Windows 2000 Service Pack 2, Service Pack 3, Service Pack
4
* Microsoft Windows XP 64-Bit Edition
* Microsoft Windows Server(r) 2003
Affected Components:
* Internet Explorer 6 Service Pack 1
<http://www.ntbugtraq.com/link/9D8543E9-0E2B-46C9-B6C6-12DE03860465.asp>
* Internet Explorer 6 Service Pack 1 (64-Bit Edition)
<http://www.ntbugtraq.com/link/35F99CF5-3629-4E0E-BF60-24845D2D20C9.asp>
* Internet Explorer 6 Service Pack 1 for Windows Server 2003
<http://www.ntbugtraq.com/link/7D0D02DD-8940-48E0-B163-3FCDCB558F21.asp>
* Internet Explorer 6 Service Pack 1 for Windows Server 2003 (64-Bit
Edition)
<http://www.ntbugtraq.com/link/8BEFA1EC-0C48-4B65-989D-58B0CE1E6F95.asp>
* Internet Explorer 6
<http://www.ntbugtraq.com/link/4C4D22F0-FBF7-4EA6-9CC2-27D104D4198E.asp>
* Internet Explorer 5.5 Service Pack 2
<http://www.ntbugtraq.com/link/E438AFD4-DF70-448C-8925-1075C8BE6C5E.asp>
Technical Description:
This is a cumulative update that includes the functionality of all the
previously-released updates for Internet Explorer 5.01, Internet
Explorer 5.5, and Internet Explorer 6.0. Additionally, it eliminates the
following five newly-discovered vulnerabilities:
* Three vulnerabilities that involve the cross-domain security model
of Internet Explorer, which keeps windows of different domains from
sharing information. These vulnerabilities could result in the execution
of script in the My Computer zone. To exploit one of these
vulnerabilities, an attacker would have to host a malicious Web site
that contains a Web page that is designed to exploit the particular
vulnerability and then persuade a user to view the Web page. The
attacker could also create an HTML e-mail message that designed to
exploit one of these vulnerabilities and persuade the user to view the
HTML e-mail message. After the user has visited the malicious Web site
or viewed the malicious HTML e-mail message an attacker who exploited
one of these vulnerabilities could access information from other Web
sites, access files on a user's system, and run arbitrary code on a
user's system. This code would run in the security context of the
currently logged on user.
* A vulnerability that involves the way that zone information is
passed to an XML object within Internet Explorer. This vulnerability
could allow an attacker to read local files on a user's system. To
exploit this vulnerability, an attacker would have to host a malicious
Web site that contains a Web page that is designed to exploit the
particular vulnerability and then persuade a user to view the Web page.
The attacker could also create an HTML e-mail message that is designed
to exploit this vulnerability and persuade the user to view the HTML
e-mail message. After the user visits the malicious Web site or views
the malicious HTML e-mail message, the user would then be prompted to
download an HTML file. If the user accepts the download of this HTML
file, an attacker could read local files that are in a known location on
the user's system.
* A vulnerability that involves performing a drag-and-drop operation
during dynamic HTML (DHTML) events in Internet Explorer. This
vulnerability could allow a file to be saved in a target location on the
user's system if the user clicks a link. No dialog box would request
that the user approve this download. To exploit one of these
vulnerabilities, an attacker would have to host a malicious Web site
that contains a Web page that has a specially-crafted link. The attacker
would then have to persuade a user to click that link. The attacker
could also create an HTML e-mail message that has a specially-crafted
link, and then persuade the user to view the HTML e-mail message and
then click the malicious link. If the user clicked this link, code of
the attacker's choice could be saved on the user's computer in a
targeted location.
As with the previous Internet Explorer cumulative updates that were
released with bulletins MS03-004, MS03-015, MS03-020, MS03-032, and
MS03-040, this cumulative update causes the window.showHelp( ) control
to no longer work if you have not applied the HTML Help update. If you
have installed the updated HTML Help control from Knowledge Base article
811630, you will still be able to use HTML Help functionality after you
apply this update.
This email is sent to NTBugtraq automagically as a service to my
subscribers. (v2.0)
Cheers,
Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor
---- NTBugtraq subscribers save $103.00 off the TICSA exam by using promo code "NT1003" when registering to take the TICSA exam at www.2test.com. Prove to your employer and peers that you have the knowledge and abilities to be an active stakeholder in today's enterprise security. Become TICSA certified www.trusecure.com/ticsa. Promotion expires 12/31/03 and cannot be used in combination with other offers. ----
- Previous message: Russ: "MajorRev: Microsoft Security Bulletin MS02-050 - Certificate Validation Flaw Could Enable Identity Spoofing (Q329115)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
