Microsoft Internet Explorer Remote Code Execution Vulnerabilities (MS09-014)
Multiple vulnerabilities have been identified in Microsoft Internet Explorer, which could be exploited by remote attackers to compromise a vulnerable system.
The first issue is caused by an error in the way that Internet Explorer locates and opens files on the system, which could be exploited to download and execute a malicious file.
The second vulnerability is caused by an error in the way that WinINet handles NTLM credentials when a user connects to an HTTP server, which could be exploited to execute arbitrary code.
The third issue is caused by a memory corruption error when handling transitions while navigating between Web pages, which could be exploited to execute arbitrary code via a malicious page.
The fourth vulnerability is caused by a memory corruption error when the browser accesses an object that has not been correctly initialized or has been deleted, which could be exploited to execute arbitrary code via a malicious page.
The fifth issue is caused by a memory corruption error when the browser accesses an object that has not been correctly initialized or has been deleted, which could be exploited to execute arbitrary code via a malicious page.
The sixth vulnerability is caused by a memory corruption error when the browser accesses an object that has not been initialized or has been deleted, which could be exploited to execute arbitrary code via a malicious page.
Microsoft Internet Explorer 5.01 Service Pack 4
Microsoft Internet Explorer 6
Microsoft Windows Internet Explorer 7
Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 2
Microsoft Windows XP Service Pack 3
Microsoft Windows XP Professional x64 Edition
Microsoft Windows XP Professional x64 Edition Service Pack 2
Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 Service Pack 2
Microsoft Windows Server 2003 x64 Edition
Microsoft Windows Server 2003 x64 Edition Service Pack 2
Microsoft Windows Server 2003 SP1 (Itanium)
Microsoft Windows Server 2003 SP2 (Itanium)
Microsoft Windows Vista
Microsoft Windows Vista Service Pack 1
Microsoft Windows Vista x64 Edition
Microsoft Windows Vista x64 Edition Service Pack 1
Microsoft Windows Server 2008 (32-bit)
Microsoft Windows Server 2008 (x64)
Microsoft Windows Server 2008 (Itanium)
Apply patches:
http://www.microsoft.com/technet/security/Bulletin/MS09-014.mspx
http://www.vupen.com/english/advisories/2009/1028
Vulnerabilities reported by Aviv Raff, Michal Zalewski (Google Inc.), Ivan Fratric (iSIGHT Partners Labs), Skylined (Google Inc.) and ADLab (VenusTech).
2009-04-14: Initial release