Microsoft Internet Explorer Multiple Vulnerabilities

Description

Multiple vulnerabilities have been reported in Internet Explorer, which can be exploited by malicious people to conduct cross-site scripting attacks, disclose sensitive information, and compromise a user’s system.

1) Certain input passed via EUC-JP encoded characters is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in the context of an affected site.

2) A race condition when handling the “window.open()” JavaScript function can be exploited to corrupt memory by tricking a user into performing a specific sequence of clicks on different Internet Explorer windows.

NOTE: This vulnerability does not affect Internet Explorer 9.

3) An error when handling certain events can be exploited to disclose information from another domain or Internet Explorer zone.

4) An error within the telnet URI handler loads executables in an insecure manner and can be exploited by tricking a user into performing certain actions.

5) An error within the “SetViewSlave()” function when reloading a markup for an XSLT object can be exploited to corrupt memory.

NOTE: This vulnerability does not affect Internet Explorer 6.

6) An error when parsing certain STYLE objects can be exploited to corrupt heap memory.

NOTE: An issue when checking file integrity, which can lead to a bypass of Protected Mode, has also been fixed.

Successful exploitation of vulnerabilities #2, #4, #5, and #6 allows execution of arbitrary code.

Solution

Apply patches.

Provided and/or discovered by
1) JVN credits Takeshi Terada.
2) Lostmon Lords
3) The vendor credits Yngve N. Pettersen, Opera Software ASA
4) JVN credits Makoto Shiotsuki, Security Professionals Network
5) An anonymous person via ZDI
6) Stephen Fewer via ZDI

Original Advisory
MS11-057 (KB2559049):
http://www.microsoft.com/technet/security/bulletin/MS11-057.mspx

JVN (English):
http://jvn.jp/en/jp/JVN51325625/index.html
http://jvn.jp/en/jp/JVN80404511/index.html
http://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000060.html

JVN (Japanese):
http://jvndb.jvn.jp/jvndb/JVNDB-2011-000052

ZDI:
http://www.zerodayinitiative.com/advisories/ZDI-11-247/
http://www.zerodayinitiative.com/advisories/ZDI-11-248/
http://www.zerodayinitiative.com/advisories/ZDI-11-249/

Lostmon:
http://lostmon.blogspot.com/2011/08/internet-explorer-6-7-and-8-windowopen.html

Source Advisory
http://secunia.com/advisories/45169/
