Multiple Vulnerabilities in IE

Multiple Vulnerabilities in IE

Reported August 9, 2005 by Microsoft

VERSIONS AFFECTED


Windows 98
Windows Me
Windows 2000
Windows XP
Windows Server 2003


DESCRIPTION>

Due to a flaw in the way Microsoft Internet Explorer (IE) processes JPEG images, an intruder could launch remote code that might allow him or her to take complete control of the system.

A cross-domain vulnerability with Web Folders could allow a remote intruder to perform a variety of actions, including creating new user accounts, installing programs, or manipulating system data, which might allow the intruder to take complete control of the system.

Due to the way IE tries to instantiate COM objects, memory corruption might occur, which could allow an intruder to take complete control of the system.


VENDOR RESPONSE

Microsoft released Security Bulletin MS05-038, "Cumulative Security Update for Internet Explorer (896727)," and a cumulative update for IE. The update contains all patches released since Microsoft Security Bulletin MS04-004 (February 2, 2004).

CREDITS

Bernhard Mueller and Martin Eiszner of SEC Consult and the NSFOCUS Security Team reported the vulnerabilities with COM objects.


TAGS: Security
Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish