| Patch Name : |
IE5.01sp4-KB918899-Windows2000sp4-x86-ENU.exe |
| Patch Description : |
Cumulative security update for Internet Explorer (KB918899) |
| Bulletin Id : |
MS06-042 |
| Bulletin Title : |
Cumulative Security Update for Internet Explorer (918899) |
| KnowledgeBase : | 918899 |
| Severity : |
Critical |
| Location Path : | IE5.01sp4-KB918899-Windows2000sp4-x86-ENU.exe |
| Bulletin Summary: |
Redirect Cross-Domain Information Disclosure Vulnerability - CVE-2006-3280:
An information disclosure vulnerability exists in Internet Explorer in the way that a redirect is handled. An attacker could exploit the vulnerability by constructing a specially crafted Web page that could allow for information disclosure if a user viewed the Web page. An attacker who successfully exploited this vulnerability could read file data from a Web page in another Internet Explorer domain. This other Web page must use gzip encoding or some other compression type supported by Internet Explorer for any information disclosure to occur. This other Web page must also be cached on the client side for a successful exploit.
HTML Layout and Positioning Memory Corruption Vulnerability - CVE-2006-3450:
A remote code execution vulnerability exists in the way Internet Explorer interprets HTML with certain layout positioning combinations. An attacker could exploit the vulnerability by constructing a specially crafted Web page that could potentially allow remote code execution if a user viewed the Web page. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
CSS Memory Corruption Vulnerability - CVE-2006-3451:
A remote code execution vulnerability exists in the way Internet Explorer handles chained Cascading Style Sheets (CSS). An attacker could exploit the vulnerability by constructing a specially crafted Web page that could potentially allow remote code execution if a user viewed the Web page. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
HTML Rendering Memory Corruption Vulnerability - CVE-2006-3637:
A remote code execution vulnerability exists in the way Internet Explorer interprets HTML with certain layout combinations. An attacker could exploit the vulnerability by constructing a specially crafted Web page that could potentially allow remote code execution if a user viewed the Web page. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
COM Object Instantiation Memory Corruption Vulnerability - CVE-2006-3638:
A remote code execution vulnerability exists in the way Internet Explorer instantiates COM objects that are not intended to be instantiated in Internet Explorer. An attacker could exploit the vulnerability by constructing a specially crafted Web page that could potentially allow remote code execution if a user viewed the Web page. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
Source Element Cross-Domain Vulnerability - CVE-2006-3639:
A remote code execution and information disclosure vulnerability exists in Internet Explorer in the way that a redirect is handled. An attacker could exploit the vulnerability by constructing a specially crafted Web page that could allow for information disclosure if a user viewed the Web page. An attacker who successfully exploited this vulnerability could read file data from a Web page in another Internet Explorer domain.
Window Location Information Disclosure Vulnerability - CVE-2006-3640:
An information disclosure vulnerability exists in Internet Explorer where script can be persisted across navigations and used to gain access to the location of a Window in another domain or Internet Explorer zone. An attacker could exploit the vulnerability by constructing a specially crafted Web page that could allow for information disclosure if a user viewed the Web page. An attacker who successfully exploited this vulnerability could gain access to the Window location of a Web page in another domain or Internet Explorer zone.
FTP Server Command Injection Vulnerability - CVE-2004-1166:
An elevation of privilege vulnerability exists in the way Internet Explorer handles specially crafted FTP links that contain line feeds. An attacker could exploit the vulnerability by constructing a specially crafted Web page that could potentially allow the attacker to issue FTP server commands if a user clicked on an FTP link. An attacker who successfully exploited this vulnerability could issue server commands as the user to servers.
|
| Superceding Bulletin Id : |
MS06-067 |
| Patch Release Date : |
Aug 8, 2006 |
| CVE Id : | CVE-2006-3640 |
| Affected Product Information |
|
| Product Name |
Service Pack Name |
| Internet Explorer 5.01 | Internet Explorer 5.01 SP4 |
|
| File changes |
|
| File Path |
Version |
| %windir%\system32\Browseui.dll | 5.0.3828.2700 |
| %windir%\system32\Danim.dll | 6.1.9.729 |
| %windir%\system32\Iepeers.dll | 5.0.3830.1700 |
| %windir%\system32\Inseng.dll | 5.0.3828.2700 |
| %windir%\system32\Jsproxy.dll | 5.0.3840.2800 |
| %windir%\system32\Mshtml.dll | 5.0.3842.3000 |
| %windir%\system32\Msrating.dll | 5.0.3828.2700 |
| %windir%\system32\Pngfilt.dll | 5.0.3828.2700 |
| %windir%\system32\Shdocvw.dll | 5.0.3841.1100 |
| %windir%\system32\Shlwapi.dll | 5.0.3900.7068 |
| %windir%\system32\Url.dll | 5.50.4952.2700 |
| %windir%\system32\Urlmon.dll | 5.0.3844.3000 |
| %windir%\system32\Wininet.dll | 5.0.3842.2300 |
|
| Registry changes |
|
| Registry Path |
Key Name |
Key Value |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Internet Explorer 5.01\SP4\KB918899-IE501SP4-20060725.072042 | | -2 |
|
