Multiple Vulnerabilities in IE
Reported August 9, 2005 by Microsoft
VERSIONS AFFECTED
Windows
98 |
DESCRIPTION>
Due to a flaw in the
way Microsoft Internet Explorer (IE) processes JPEG images, an
intruder could launch remote code that might allow him or her to take
complete control of the system.
A
cross-domain vulnerability with Web Folders could allow a remote
intruder to perform a variety of actions, including creating new user
accounts, installing programs, or manipulating system data, which
might allow the intruder to take complete
control
of the system.
Due to the way IE tries to instantiate COM
objects, memory corruption might occur, which could allow an intruder
to take complete control of the system.
VENDOR RESPONSE
Microsoft released Security Bulletin MS05-038, "Cumulative Security Update for Internet Explorer (896727)," and a cumulative update for IE. The update contains all patches released since Microsoft Security Bulletin MS04-004 (February 2, 2004).CREDITS
Bernhard
Mueller and Martin Eiszner of SEC Consult and the NSFOCUS Security
Team reported the vulnerabilities with COM objects.