SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com






Category:   Application (Web Browser)  >   Microsoft Internet Explorer (IE) Vendors:   Microsoft
Microsoft Internet Explorer Invalid Pointer Reference Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1023699
SecurityTracker URL:  http://securitytracker.com/id/1023699
CVE Reference:   CVE-2010-0806   (Links to External Site)
Updated:  Mar 30 2010
Original Entry Date:  Mar 10 2010
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 6, 6 SP1, 7
Description:   A vulnerability was reported in Microsoft Internet Explorer. A remote user can cause arbitrary code to be executed on the target user's system.

A remote user can create specially crafted HTML that, when loaded by the target user, will trigger an invalid pointer reference and execute arbitrary code on the target system. The code will run with the privileges of the target user.

Microsoft reports that so far, they have determined that Internet Explorer 5.01 SP4 on Windows 2000 SP4 is not affected.

Internet Explorer 8 is not affected.

This vulnerability is being actively exploited in targeted attacks.

ADLab of VenusTech reported this vulnerability.

Impact:   A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution:   The vendor has issued the following fix as part of a cumulative update.

[Editor's note: This vulnerability does not affect some of the platforms and versions listed below. However, they are listed because they are part of the cumulative update.]

Microsoft Windows 2000 Service Pack 4, Internet Explorer 5.01 Service Pack 4:

http://www.microsoft.com/downloads/details.aspx?familyid=389da7a9-e0a3-4b5d-801e-0a38fc55dcec

Microsoft Windows 2000 Service Pack 4 , Internet Explorer 6 Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=daf199c4-da56-4a7f-80e6-3936ce5c267b

Windows XP Service Pack 2 and Windows XP Service Pack 3, Internet Explorer 6:

http://www.microsoft.com/downloads/details.aspx?familyid=2f2caa01-5cd1-45cb-9995-e34d933920d4

Windows XP Professional x64 Edition Service Pack 2, Internet Explorer 6:

http://www.microsoft.com/downloads/details.aspx?familyid=6c711387-6853-477c-917e-820a97613cf9

Windows Server 2003 Service Pack 2, Internet Explorer 6:

http://www.microsoft.com/downloads/details.aspx?familyid=dc77f1c9-8240-42d9-aee9-30ac4f33bde7

Windows Server 2003 x64 Edition Service Pack 2, Internet Explorer 6:

http://www.microsoft.com/downloads/details.aspx?familyid=2be85462-28ec-4184-a326-0459554b7213

Windows Server 2003 with SP2 for Itanium-based Systems, Internet Explorer 6:

http://www.microsoft.com/downloads/details.aspx?familyid=04abea55-ea2f-423f-b410-5536ea184ea3

Windows XP Service Pack 2 and Windows XP Service Pack 3, Internet Explorer 7:

http://www.microsoft.com/downloads/details.aspx?familyid=167ed896-d383-4dc0-9183-cd4cb73e17e7

Windows XP Professional x64 Edition Service Pack 2, Internet Explorer 7:

http://www.microsoft.com/downloads/details.aspx?familyid=aadb1d97-5cec-45ed-9967-aaf41a0bcdac

Windows Server 2003 Service Pack 2, Internet Explorer 7:

http://www.microsoft.com/downloads/details.aspx?familyid=e957a7cf-e5ca-454d-b199-ec8fe6a6a2bf

Windows Server 2003 x64 Edition Service Pack 2, Internet Explorer 7:

http://www.microsoft.com/downloads/details.aspx?familyid=cb0e39f8-9730-4454-a0e3-479b610b1591

Windows Server 2003 with SP2 for Itanium-based Systems, Internet Explorer 7:

http://www.microsoft.com/downloads/details.aspx?familyid=7ebd99b4-da6b-4dff-9f89-6a86d275a3da

Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2, Internet Explorer 7:

http://www.microsoft.com/downloads/details.aspx?familyid=511aba0e-6f15-42cf-9c5d-b2f3e215b5a8

Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2, Internet Explorer 7:

http://www.microsoft.com/downloads/details.aspx?familyid=c8933a45-62a7-4c19-be30-02e3a461f081

Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2**, Internet Explorer 7:

http://www.microsoft.com/downloads/details.aspx?familyid=42f8c1f2-ee55-47af-b113-8d9f4bd40c8f

Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2**, Internet Explorer 7:

http://www.microsoft.com/downloads/details.aspx?familyid=769043b5-df52-4446-9bd8-dc37d9fa00df

Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2, Internet Explorer 7:

http://www.microsoft.com/downloads/details.aspx?familyid=c1c2309d-22db-4dbf-ad95-3219847cd42d

Windows XP Service Pack 2 and Windows XP Service Pack 3, Internet Explorer 8:

http://www.microsoft.com/downloads/details.aspx?familyid=46172617-293a-44c7-95b6-18202ab06a41

Windows XP Professional x64 Edition Service Pack 2, Internet Explorer 8:

http://www.microsoft.com/downloads/details.aspx?familyid=284d70ea-24a3-4e67-a2a8-e9f272f728db

Windows Server 2003 Service Pack 2, Internet Explorer 8:

http://www.microsoft.com/downloads/details.aspx?familyid=53fc3285-63c4-487f-ad9a-7e1673aeffc7

Windows Server 2003 x64 Edition Service Pack 2, Internet Explorer 8:

http://www.microsoft.com/downloads/details.aspx?familyid=5201a0c5-8162-4809-b9d1-0e972b0f0066

Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2, Internet Explorer 8:

http://www.microsoft.com/downloads/details.aspx?familyid=c9584689-5196-4840-927c-23c8038f3382

Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2, Internet Explorer 8:

http://www.microsoft.com/downloads/details.aspx?familyid=50809cc3-6baa-41b4-ba0a-596a1dd846ed

Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2**, Internet Explorer 8:

http://www.microsoft.com/downloads/details.aspx?familyid=c69a6dfe-66b1-4426-96a5-d64000296e76

Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2**, Internet Explorer 8:

http://www.microsoft.com/downloads/details.aspx?familyid=e16c10d2-896d-48f3-bc76-5fa70881396a

Windows 7 for 32-bit Systems, Internet Explorer 8:

http://www.microsoft.com/downloads/details.aspx?familyid=c0145563-428e-47b6-b245-b59dce88ac0e

Windows 7 for x64-based Systems, Internet Explorer 8:

http://www.microsoft.com/downloads/details.aspx?familyid=6172dbec-6bfc-40bd-a0d4-67c39fb41b87

Windows Server 2008 R2 for x64-based Systems**, Internet Explorer 8:

http://www.microsoft.com/downloads/details.aspx?familyid=8b7c664b-8612-458f-bd0a-cf28b67f8374

Windows Server 2008 R2 for Itanium-based Systems, Internet Explorer 8:

http://www.microsoft.com/downloads/details.aspx?familyid=82fa6f47-002f-4943-888c-2e852675e76e

A restart is required.

The Microsoft advisory is available at:

http://www.microsoft.com/technet/security/bulletin/ms10-018.mspx

The vendor's original advisory is available at:

http://www.microsoft.com/technet/security/advisory/981374.mspx

Vendor URL:  www.microsoft.com/technet/security/bulletin/ms10-018.mspx (Links to External Site)
Cause:   Access control error
Underlying OS:   Windows (2000), Windows (2003), Windows (2008), Windows (Vista), Windows (XP)

Message History:   None.


 Source Message Contents

Date:  Wed, 10 Mar 2010 03:49:58 +0000
Subject:  Microsoft Internet Explorer (IE)


http://www.microsoft.com/technet/security/advisory/981374.mspx

CVE-2010-0806
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

Copyright 2014, SecurityGlobal.net LLC