Multiple Vulnerabilities in IE
Reported August 9, 2005 by Microsoft
Due to a flaw in the
way Microsoft Internet Explorer (IE) processes JPEG images, an
intruder could launch remote code that might allow him or her to take
complete control of the system.
A cross-domain vulnerability with Web Folders could allow a remote intruder to perform a variety of actions, including creating new user accounts, installing programs, or manipulating system data, which might allow the intruder to take complete control of the system.
Due to the way IE tries to instantiate COM objects, memory corruption might occur, which could allow an intruder to take complete control of the system.
VENDOR RESPONSEMicrosoft released Security Bulletin MS05-038, "Cumulative Security Update for Internet Explorer (896727)," and a cumulative update for IE. The update contains all patches released since Microsoft Security Bulletin MS04-004 (February 2, 2004).
Bernhard Mueller and Martin Eiszner of SEC Consult and the NSFOCUS Security Team reported the vulnerabilities with COM objects.