Solve : Internet Explorer File Download Handling Memory Corruption - H – InterviewSolution

1.	Solve : Internet Explorer File Download Handling Memory Corruption - Highly Critical!?
Answer» TITLE: Internet Explorer File DOWNLOAD Handling Memory Corruption SECUNIA ADVISORY ID: SA23469 VERIFY ADVISORY: http://secunia.com/advisories/23469/ CRITICAL: Highly critical IMPACT: System access WHERE: >From remote SOFTWARE: Microsoft Internet Explorer 7.x http://secunia.com/product/12366/ Microsoft Internet Explorer 6.x http://secunia.com/product/11/ Microsoft Internet Explorer 5.01 http://secunia.com/product/9/ DESCRIPTION: Secunia Research has discovered a vulnerability in Internet Explorer, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an error in the file download queue handling when processing multiple concurrent attempts to start a file download. This can be exploited via a specially crafted web page to corrupt memory in a way that results in use of an already freed object. Successful exploitation allows execution of arbitrary code. SOLUTION: Apply patches. Windows 2000 SP4 and Internet Explorer 5.01 SP4: http://www.microsoft.com/downloads/details.aspx?FamilyId=95827F3F-A984-4E34-A949-D16A0614121A Windows 2000 SP4 and Internet Explorer 6 SP1: http://www.microsoft.com/downloads/details.aspx?FamilyId=DF3BA596-7C5B-4151-9884-6957AA884AAB Windows XP SP2 and Internet Explorer 6: http://www.microsoft.com/downloads/details.aspx?FamilyId=513A8320-6D36-4FC9-A38A-867192B55B53 Windows XP Professional x64 Edition (OPTIONALLY with SP2) and Internet Explorer 6: http://www.microsoft.com/downloads/details.aspx?FamilyId=AE8A26D8-1910-4B8C-8A73-6E2FA6B5B29F Windows Server 2003 SP1/SP2 and Internet Explorer 6: http://www.microsoft.com/downloads/details.aspx?FamilyId=4AEFAA38-8757-4E6E-8924-57CABD1C2FC3 Windows Server 2003 x64 Edition (optionally with SP2) and Internet Explorer 6: http://www.microsoft.com/downloads/details.aspx?FamilyId=88ABA9DD-653B-4CDF-A513-CCA32A7D7E41 Windows Server 2003 with SP1/SP2 for Itanium-based systems and Internet Explorer 6: http://www.microsoft.com/downloads/details.aspx?FamilyId=309A8F10-C7EA-4961-A969-092B0C4D7BBC Windows XP SP2 and Internet Explorer 7: http://www.microsoft.com/downloads/details.aspx?FamilyId=4CA0AC93-BF51-40FE-A1BA-CB3E0A36D8B5 Windows XP Professional x64 Edition (optionally with SP2) and Internet Explorer 7: http://www.microsoft.com/downloads/details.aspx?FamilyId=DBD284D0-2664-42A4-AD16-A0535244C81C Windows Server 2003 SP1/SP2 and Internet Explorer 7: http://www.microsoft.com/downloads/details.aspx?FamilyId=0A31C451-32F4-4551-AE45-D600F8B3B11B Windows Server 2003 x64 Edition (optionally with SP2) and Internet Explorer 7: http://www.microsoft.com/downloads/details.aspx?FamilyId=C1915633-D181-4CA1-A4F0-7CA0F865AA72 Windows Server 2003 with SP1/SP2 for Itanium-based systems and Internet Explorer 7: http://www.microsoft.com/downloads/details.aspx?FamilyId=093A2250-3BE3-494F-80E0-89CA7217030F Windows Vista and Internet Explorer 7: http://www.microsoft.com/downloads/details.aspx?FamilyId=86392E8D-098C-427F-A233-699CDB9375AE Windows Vista x64 Edition and Internet Explorer 7: http://www.microsoft.com/downloads/details.aspx?FamilyId=62490E6D-0A21-4A15-90BD-63CA8F8886B6

Discussion

No Comment Found

Related InterviewSolutions