Microsoft Internet Explorer Argument Validation Flaw in 'dxtmsft.dll' Lets Remote Users Execute Arbitrary Code
|
SecurityTracker Alert ID: 1019381 |
|
SecurityTracker URL: http://securitytracker.com/id/1019381
|
CVE Reference:
CVE-2008-0078
|
Date: Feb 12 2008
|
Impact:
Execution of arbitrary code via network, User access via network
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Version(s): 5.01, 6, 6 SP1, 7
|
Description:
A vulnerability was reported in Microsoft Internet Explorer in the processing of certain image arguments. A remote user can cause arbitrary code to be executed on the target user's system.
A remote user can create a specially crafted image that, when loaded by the target user, will invoke the 'dxtmsft.dll' ActiveX control and trigger a memory corruption error to execute arbitrary code on the target system. The code will run with the privileges of the target user.
Venustech of ADLABS reported this vulnerability.
|
Impact:
A remote user can create an image that, when loaded by the target user, will execute arbitrary code on the target user's system.
|
Solution:
The vendor has issued the following cumulative fixes:
Microsoft Internet Explorer 5.01 Service Pack 4:
http://www.microsoft.com/downloads/details.aspx?FamilyId=1032A039-468B-4C5F-8C1C-5E54C2832E41
Microsoft Internet Explorer 6 Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?FamilyId=87E66DCE-5060-4814-8754-829B4E190359
Microsoft Internet Explorer 6:
http://www.microsoft.com/downloads/details.aspx?FamilyId=BB2AA3CB-021F-4890-AB20-2A51F8E17554
Microsoft Internet Explorer 6:
http://www.microsoft.com/downloads/details.aspx?FamilyId=8989F576-8B30-4866-90EC-929D24F3B409
Microsoft Internet Explorer 6:
http://www.microsoft.com/downloads/details.aspx?FamilyId=429B7ED1-FE78-459A-B834-D0F3C69CB703
Microsoft Internet Explorer 6:
http://www.microsoft.com/downloads/details.aspx?FamilyId=E989E23C-38BB-4FE7-A830-D7BDF7659392
Microsoft Internet Explorer 6:
http://www.microsoft.com/downloads/details.aspx?FamilyId=5A097F7A-B696-48D0-B13F-337C5FD14E24
Windows Internet Explorer 7:
http://www.microsoft.com/downloads/details.aspx?FamilyId=D4AA293A-6332-4C6C-B128-876F516BD030
Windows Internet Explorer 7:
http://www.microsoft.com/downloads/details.aspx?FamilyId=B72AF1B6-6E23-4005-AEF6-82195B380153
Windows Internet Explorer 7:
http://www.microsoft.com/downloads/details.aspx?FamilyId=B2AA6562-881E-4FD6-BE1B-53426A0FF4A9
Windows Internet Explorer 7:
http://www.microsoft.com/downloads/details.aspx?FamilyId=4BB99AFC-BE14-4F2E-9570-B7FE09E39131
Windows Internet Explorer 7:
http://www.microsoft.com/downloads/details.aspx?FamilyId=6FA80E2C-5E91-4B33-ACD9-33F156660AE7
Windows Internet Explorer 7:
http://www.microsoft.com/downloads/details.aspx?FamilyId=0DE25B98-F443-4874-A06F-4DAAE14C16B0
Windows Internet Explorer 7:
http://www.microsoft.com/downloads/details.aspx?FamilyId=C08EBBE7-639B-4EA2-8304-FAB531930ABF
A restart is required.
The Microsoft advisory is available at:
http://www.microsoft.com/technet/security/bulletin/ms08-010.mspx
|
Vendor URL: www.microsoft.com/technet/security/bulletin/ms08-010.mspx
|
Cause:
Access control error
|
Underlying OS:
Windows (Any)
|
Message History:
None.
|
Source Message Contents
|
Date: Tue, 12 Feb 2008 14:07:16 -0500
Subject: Microsoft Security Bulletin MS08-010 - Critical: Cumulative Security Update for Internet Explorer (944533)
|
http://www.microsoft.com/technet/security/bulletin/ms08-010.mspx
CVE-2008-0078
|