| Patch Name : |
IE5.01sp4-KB925454-Windows2000sp4-x86-ENU.exe |
| Patch Description : |
Cumulative Security Update for Internet Explorer 5.01 Service Pack 4 (KB925454) |
| Bulletin Id : |
MS06-072 |
| Bulletin Title : |
Cumulative Security Update for Internet Explorer (925454) |
| KnowledgeBase : | 925454 |
| Severity : |
Important |
| Location Path : | IE5.01sp4-KB925454-Windows2000sp4-x86-ENU.exe |
| Bulletin Summary: |
A remote code execution vulnerability exists in Internet Explorer due to attempts to access previously freed memory when handling script errors in certain situations. An attacker could exploit the vulnerability by constructing a specially crafted Web page. If a user viewed the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
A remote code execution vulnerability exists in the way Internet Explorer interprets certain DHTML script function calls to incorrectly created elements. An attacker could exploit the vulnerability by constructing a specially crafted Web page that could potentially allow remote code execution if a user viewed the Web page. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
An information disclosure vulnerability exists in Internet Explorer in the way that drag and drop operations are handled in certain situations. An attacker could exploit the vulnerability by constructing a specially crafted Web page that could allow for information disclosure if a user viewed and interacted with the Web page. An attacker who successfully exploited this vulnerability would be able to retrieve files from the Temporary Internet Files (TIF) folder on a users system.
An information disclosure vulnerability exists in Internet Explorer in certain scenarios where the path to the cached content in the TIF folder could be disclosed. An attacker could exploit the vulnerability by constructing a specially crafted Web page that could allow for information disclosure if a user viewed the Web page. An attacker who successfully exploited this vulnerability would be able to retrieve files from the Temporary Internet Files (TIF) folder on a users system. However, user interaction is required to exploit this vulnerability. |
| Superceding Bulletin Id : |
MS07-016 |
| Patch Release Date : |
Dec 12, 2006 |
| CVE Id : | CVE-2006-5581 |
| Affected Product Information |
|
| Product Name |
Service Pack Name |
| Internet Explorer 5.01 | Internet Explorer 5.01 SP4 |
|
| File changes |
|
| File Path |
Version |
| %windir%\system32\Browseui.dll | 5.0.3846.2300 |
| %windir%\system32\Danim.dll | 6.1.9.729 |
| %windir%\system32\Iepeers.dll | 5.0.3846.2300 |
| %windir%\system32\Inseng.dll | 5.0.3846.2300 |
| %windir%\system32\Jsproxy.dll | 5.0.3846.2300 |
| %windir%\system32\Mshtml.dll | 5.0.3846.2300 |
| %windir%\system32\Msrating.dll | 5.0.3846.2300 |
| %windir%\system32\Pngfilt.dll | 5.0.3846.2300 |
| %windir%\system32\Shdocvw.dll | 5.0.3846.2300 |
| %windir%\system32\Shlwapi.dll | 5.0.3900.7070 |
| %windir%\system32\Url.dll | 5.50.4970.2300 |
| %windir%\system32\Urlmon.dll | 5.0.3846.2300 |
| %windir%\system32\Wininet.dll | 5.0.3846.2300 |
|
| Registry changes |
|
| Registry Path |
Key Name |
Key Value |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Internet Explorer 5.01\SP4\KB925454-IE501SP4-20061116.120000 | | -2 |
|
