[NT] Cumulative Security Update for Internet Explorer (MS06-042)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

The SecuriTeam alerts list - Free, Accurate, Independent.

Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html

- - - - - - - - -



Cumulative Security Update for Internet Explorer (MS06-042)
------------------------------------------------------------------------


SUMMARY

Multiple security vulnerabilities have been discovered in Internet
Explorer, these vulnerabilities allow a remote attacker to disclose
sensitive information about the remote host, corrupt memory which in turn
causes execution of code and cause cross domain injections.

DETAILS

Affected Software:
Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack
2
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service
Pack 1
Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft
Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition

Tested Microsoft Windows Components:
Affected Components:
Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service
Pack 4 -
<http://www.microsoft.com/downloads/details.aspx?FamilyId=0DE3F143-19A6-4F22-B53B-B6A7DA33DAF4> Download the update
Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack
4 or on Microsoft Windows XP Service Pack 1 -
<http://www.microsoft.com/downloads/details.aspx?FamilyId=B5F17679-3AA5-4D66-A81E-F990FD0B48D2> Download the update
Internet Explorer 6 for Microsoft Windows XP Service Pack 2 -
<http://www.microsoft.com/downloads/details.aspx?FamilyId=CDB85BCA-0C17-44AA-B74E-F01B5392BB31> Download the update
Internet Explorer 6 for Microsoft Windows Server 2003 and Microsoft
Windows Server 2003 Service Pack 1 -
<http://www.microsoft.com/downloads/details.aspx?FamilyId=20288DA2-A308-45C6-BD80-C68C997529BD> Download the update
Internet Explorer 6 for Microsoft Windows Server 2003 for Itanium-based
Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based
Systems -
<http://www.microsoft.com/downloads/details.aspx?FamilyId=663F1E83-BDC0-4EC6-A263-398E7222C9B5> Download the update
Internet Explorer 6 for Microsoft Windows Server 2003 x64 Edition -
<http://www.microsoft.com/downloads/details.aspx?FamilyId=5C2A23AC-3F2E-4BEC-BE16-4B45B44C6346> Download the update
Internet Explorer 6 for Microsoft Windows XP Professional x64 Edition -
<http://www.microsoft.com/downloads/details.aspx?FamilyId=0CE7F66D-4D83-4090-A034-9BBE286D96FA> Download the update

Redirect Cross-Domain Information Disclosure Vulnerability -
CVE-2006-3280:
An information disclosure vulnerability exists in Internet Explorer in the
way that a redirect is handled. An attacker could exploit the
vulnerability by constructing a specially crafted Web page that could
allow for information disclosure if a user viewed the Web page. An
attacker who successfully exploited this vulnerability could read file
data from a Web page in another Internet Explorer domain. This other Web
page must use gzip encoding or some other compression type supported by
Internet Explorer for any information disclosure to occur. This other Web
page must also be cached on the client side for a successful exploit.

HTML Layout and Positioning Memory Corruption Vulnerability -
CVE-2006-3450:
A remote code execution vulnerability exists in the way Internet Explorer
interprets HTML with certain layout positioning combinations. An attacker
could exploit the vulnerability by constructing a specially crafted Web
page that could potentially allow remote code execution if a user viewed
the Web page. An attacker who successfully exploited this vulnerability
could take complete control of an affected system.

CSS Memory Corruption Vulnerability - CVE-2006-3451:
A remote code execution vulnerability exists in the way Internet Explorer
handles chained Cascading Style Sheets (CSS). An attacker could exploit
the vulnerability by constructing a specially crafted Web page that could
potentially allow remote code execution if a user viewed the Web page. An
attacker who successfully exploited this vulnerability could take complete
control of an affected system.

HTML Rendering Memory Corruption Vulnerability - CVE-2006-3637:
A remote code execution vulnerability exists in the way Internet Explorer
interprets HTML with certain layout combinations. An attacker could
exploit the vulnerability by constructing a specially crafted Web page
that could potentially allow remote code execution if a user viewed the
Web page. An attacker who successfully exploited this vulnerability could
take complete control of an affected system.

COM Object Instantiation Memory Corruption Vulnerability - CVE-2006-3638:
A remote code execution vulnerability exists in the way Internet Explorer
instantiates COM objects that are not intended to be instantiated in
Internet Explorer. An attacker could exploit the vulnerability by
constructing a specially crafted Web page that could potentially allow
remote code execution if a user viewed the Web page. An attacker who
successfully exploited this vulnerability could take complete control of
an affected system.

Source Element Cross-Domain Vulnerability - CVE-2006-3639:
A remote code execution and information disclosure vulnerability exists in
Internet Explorer in the way that a redirect is handled. An attacker could
exploit the vulnerability by constructing a specially crafted Web page
that could allow for information disclosure if a user viewed the Web page.
An attacker who successfully exploited this vulnerability could read file
data from a Web page in another Internet Explorer domain.

On Windows 2000 Service Pack 4 and Windows XP Service Pack 1 an attacker
could exploit the vulnerability by constructing a specially crafted Web
page that could potentially allow remote code execution if a user viewed
the Web page. An attacker who successfully exploited this vulnerability
could take complete control of an affected system.


Window Location Information Disclosure Vulnerability - CVE-2006-3640:
An information disclosure vulnerability exists in Internet Explorer where
script can be persisted across navigations and used to gain access to the
location of a Window in another domain or Internet Explorer zone. An
attacker could exploit the vulnerability by constructing a specially
crafted Web page that could allow for information disclosure if a user
viewed the Web page. An attacker who successfully exploited this
vulnerability could gain access to the Window location of a Web page in
another domain or Internet Explorer zone.

FTP Server Command Injection Vulnerability - CVE-2004-1166:
An elevation of privilege vulnerability exists in the way Internet
Explorer handles specially crafted FTP links that contain line feeds. An
attacker could exploit the vulnerability by constructing a specially
crafted Web page that could potentially allow the attacker to issue FTP
server commands if a user clicked on an FTP link. An attacker who
successfully exploited this vulnerability could issue server commands as
the user to servers.


ADDITIONAL INFORMATION

The information has been provided by Microsoft Product Security.
The original article can be found at:
<http://www.microsoft.com/technet/security/Bulletin/MS06-042.mspx>
http://www.microsoft.com/technet/security/Bulletin/MS06-042.mspx



========================================


This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@xxxxxxxxxxxxxx
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@xxxxxxxxxxxxxx


====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.