Microsoft Internet Explorer Bugs Let Remote Users Obtain Potentially Sensitive Information, Execute Arbitrary Code, and Hijack User Clicks
SecurityTracker Alert ID: 1025327
SecurityTracker URL: http://securitytracker.com/id/1025327
CVE Reference: CVE-2011-0094, CVE-2011-1244, CVE-2011-1245, CVE-2011-1345
Date: Apr 12 2011
Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): 6, 7, 8
Description:
Several vulnerabilities were reported in Microsoft Internet Explorer. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can view content from another domain. A remote user can conduct clickjacking attacks.
A remote user can create specially crafted HTML that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user.
An uninitialized layout object can trigger code execution [CVE-2011-0094].
A specially crafted frame tag can allow a remote user to obtain potentially sensitive information or conduct clickjacking attacks [CVE-2011-1244].
Specially crafted JavaScript can allow a remote user to view content from another domain or Internet Explorer zone [CVE-2011-1245].
An uninitialized memory object can trigger code execution [CVE-2011-1345].
An anonymous researcher (via VeriSign iDefense Labs), MITRE, David Bloom of Google Inc., and Stephen Fewer of Harmony Security (via TippingPoint's Zero Day Initiative) reported these vulnerabilities.
Impact:
A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can view content from another domain.
A remote user can conduct clickjacking attacks.
Solution:
The vendor has issued the following fixes:
Windows XP Service Pack 3, Internet Explorer 6:
http://www.microsoft.com/downloads/details.aspx?familyid=c3a8cec0-f947-4d4e-a6ae-c7f4f1f311b0
Windows XP Professional x64 Edition Service Pack 2, Internet Explorer 6:
http://www.microsoft.com/downloads/details.aspx?familyid=986f07ae-0fdc-4be2-8a74-5eb56d4300ef
Windows Server 2003 Service Pack 2, Internet Explorer 6:
http://www.microsoft.com/downloads/details.aspx?familyid=b902c58a-9e2f-4352-8d2f-fffda5344598
Windows Server 2003 x64 Edition Service Pack 2, Internet Explorer 6:
http://www.microsoft.com/downloads/details.aspx?familyid=5d8f14d1-85cc-478f-8b50-5c355a331f59
Windows Server 2003 with SP2 for Itanium-based Systems, Internet Explorer 6:
http://www.microsoft.com/downloads/details.aspx?familyid=8afe86fc-58b4-4a95-b047-c09138fa4f5e
Windows XP Service Pack 3, Internet Explorer 7:
http://www.microsoft.com/downloads/details.aspx?familyid=0b7d0403-8965-4c62-970c-20b561f66713
Windows XP Professional x64 Edition Service Pack 2, Internet Explorer 7:
http://www.microsoft.com/downloads/details.aspx?familyid=ed88f183-dd06-46f6-ae8a-a594a752f248
Windows Server 2003 Service Pack 2, Internet Explorer 7:
http://www.microsoft.com/downloads/details.aspx?familyid=5c464287-3dab-4342-a38d-a12719d3b158
Windows Server 2003 x64 Edition Service Pack 2, Internet Explorer 7:
http://www.microsoft.com/downloads/details.aspx?familyid=9d8bbea9-c456-4569-ad96-c2cd0f5fae7e
Windows Server 2003 with SP2 for Itanium-based Systems, Internet Explorer 7:
http://www.microsoft.com/downloads/details.aspx?familyid=f1abfb48-3c8a-4b2d-b739-cc61628b387d
Windows Vista Service Pack 1 and Windows Vista Service Pack 2, Internet Explorer 7:
http://www.microsoft.com/downloads/details.aspx?familyid=00c3c176-feff-4022-ac4c-2d4732ca3d78
Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2, Internet Explorer 7:
http://www.microsoft.com/downloads/details.aspx?familyid=79f52733-44e4-47b6-86ca-1395a095b4e7
Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2, Internet Explorer 7:
http://www.microsoft.com/downloads/details.aspx?familyid=7d8603b8-bb52-4cf6-be8b-bb3475d30fc5
Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2, Internet Explorer 7:
http://www.microsoft.com/downloads/details.aspx?familyid=c6d58f64-bdd5-4fe6-96f4-9641b8e7b570
Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2, Internet Explorer 7:
http://www.microsoft.com/downloads/details.aspx?familyid=f6f6f22c-fc7f-4e96-b6b5-be3c1acecf6e
Windows XP Service Pack 3, Internet Explorer 8:
http://www.microsoft.com/downloads/details.aspx?familyid=689c5496-56c4-48a6-9f3d-b5f5aaf3e566
Windows XP Professional x64 Edition Service Pack 2, Internet Explorer 8:
http://www.microsoft.com/downloads/details.aspx?familyid=6d3433ee-c2e1-433f-a3d9-c049d66e2190
Windows Server 2003 Service Pack 2, Internet Explorer 8:
http://www.microsoft.com/downloads/details.aspx?familyid=45feb35b-b24e-4160-adb0-d0b7ae530e90
Windows Server 2003 x64 Edition Service Pack 2, Internet Explorer 8:
http://www.microsoft.com/downloads/details.aspx?familyid=979d2ec5-5114-4ec7-aa97-e9289c590cbb
Windows Vista Service Pack 1 and Windows Vista Service Pack 2, Internet Explorer 8:
http://www.microsoft.com/downloads/details.aspx?familyid=5ea94705-4f76-4b0d-bbbc-afb5e75204bf
Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2, Internet Explorer 8:
http://www.microsoft.com/downloads/details.aspx?familyid=bc63b233-9db0-4fb1-a61c-fa7e9e44ba10
Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2, Internet Explorer 8:
http://www.microsoft.com/downloads/details.aspx?familyid=d5d76e90-1cef-47e8-9d8d-2c5a43f42ba3
Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2, Internet Explorer 8:
http://www.microsoft.com/downloads/details.aspx?familyid=51203a31-368b-4b47-96a5-9e9e5a55cd76
Windows 7 for 32-bit Systems and Windows 7 for 32-bit Systems Service Pack 1, Internet Explorer 8:
http://www.microsoft.com/downloads/details.aspx?familyid=59676b71-8b9d-4230-a9e0-b20db3e3ec7e
Windows 7 for x64-based Systems and Windows 7 for x64-based Systems Service Pack 1, Internet Explorer 8:
http://www.microsoft.com/downloads/details.aspx?familyid=3a998678-2678-489e-8711-39322663147d
Windows Server 2008 R2 for x64-based Systems and Windows Server 2008 R2 for x64-based Systems Service Pack 1, Internet Explorer 8:
http://www.microsoft.com/downloads/details.aspx?familyid=c7b2482b-44bf-4c01-99d8-f93868659a24
Windows Server 2008 R2 for Itanium-based Systems and Windows Server 2008 R2 for Itanium-based Systems Service Pack 1, Internet Explorer 8:
http://www.microsoft.com/downloads/details.aspx?familyid=af6db318-fbec-4286-a3a7-4081620146e5
A restart is required.
The Microsoft advisory is available at:
http://www.microsoft.com/technet/security/bulletin/ms11-018.mspx
Vendor URL: www.microsoft.com/technet/security/bulletin/ms11-018.mspx
Cause: Access control error
Underlying OS: Windows (Any)
Message History: None.
Source Message Contents
Date: Tue, 12 Apr 2011 17:22:39 +0000
Subject: http://www.microsoft.com/technet/security/bulletin/ms11-018.mspx
Microsoft Security Bulletin MS11-018 - Critical: Cumulative Security Update for Internet Explorer (2497640)
CVE-2011-1244
CVE-2011-0094
CVE-2011-0346
CVE-2011-1245
CVE-2011-1345
[bugno]2497640
[msno]MS11-018
[severity]Critical