KB918899, MS06-042, Installing IE6.0sp1-KB918899-Windows-2000-XP-x86-ENU.exe Patch using Desktop Central

How to?

Support

Download

Website

Forums

Live Demo

Patch Management Software

Desktop Central helps administrators to automate patch deployment of both Microsoft and Non-Microsoft Applications from a central point.

Internet Explorer 6 Patch Details

Internet Explorer 6 Patches

Patch Name :

IE6.0sp1-KB918899-Windows-2000-XP-x86-ENU.exe

Patch Description :

Cumulative security update for Internet Explorer (KB918899)

Bulletin Id :

MS06-042

Bulletin Title :

Cumulative Security Update for Internet Explorer (918899)

KnowledgeBase :

918899

Severity :

Critical

Location Path :

IE6.0sp1-KB918899-Windows-2000-XP-x86-ENU.exe

Bulletin Summary:

Redirect Cross-Domain Information Disclosure Vulnerability - CVE-2006-3280:

An information disclosure vulnerability exists in Internet Explorer in the way that a redirect is handled. An attacker could exploit the vulnerability by constructing a specially crafted Web page that could allow for information disclosure if a user viewed the Web page. An attacker who successfully exploited this vulnerability could read file data from a Web page in another Internet Explorer domain. This other Web page must use gzip encoding or some other compression type supported by Internet Explorer for any information disclosure to occur. This other Web page must also be cached on the client side for a successful exploit.

HTML Layout and Positioning Memory Corruption Vulnerability - CVE-2006-3450:

A remote code execution vulnerability exists in the way Internet Explorer interprets HTML with certain layout positioning combinations. An attacker could exploit the vulnerability by constructing a specially crafted Web page that could potentially allow remote code execution if a user viewed the Web page. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

CSS Memory Corruption Vulnerability - CVE-2006-3451:

A remote code execution vulnerability exists in the way Internet Explorer handles chained Cascading Style Sheets (CSS). An attacker could exploit the vulnerability by constructing a specially crafted Web page that could potentially allow remote code execution if a user viewed the Web page. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

HTML Rendering Memory Corruption Vulnerability - CVE-2006-3637:

A remote code execution vulnerability exists in the way Internet Explorer interprets HTML with certain layout combinations. An attacker could exploit the vulnerability by constructing a specially crafted Web page that could potentially allow remote code execution if a user viewed the Web page. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

COM Object Instantiation Memory Corruption Vulnerability - CVE-2006-3638:

A remote code execution vulnerability exists in the way Internet Explorer instantiates COM objects that are not intended to be instantiated in Internet Explorer. An attacker could exploit the vulnerability by constructing a specially crafted Web page that could potentially allow remote code execution if a user viewed the Web page. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

Source Element Cross-Domain Vulnerability - CVE-2006-3639:

A remote code execution and information disclosure vulnerability exists in Internet Explorer in the way that a redirect is handled. An attacker could exploit the vulnerability by constructing a specially crafted Web page that could allow for information disclosure if a user viewed the Web page. An attacker who successfully exploited this vulnerability could read file data from a Web page in another Internet Explorer domain.

Window Location Information Disclosure Vulnerability - CVE-2006-3640:

An information disclosure vulnerability exists in Internet Explorer where script can be persisted across navigations and used to gain access to the location of a Window in another domain or Internet Explorer zone. An attacker could exploit the vulnerability by constructing a specially crafted Web page that could allow for information disclosure if a user viewed the Web page. An attacker who successfully exploited this vulnerability could gain access to the Window location of a Web page in another domain or Internet Explorer zone.

FTP Server Command Injection Vulnerability - CVE-2004-1166:

An elevation of privilege vulnerability exists in the way Internet Explorer handles specially crafted FTP links that contain line feeds. An attacker could exploit the vulnerability by constructing a specially crafted Web page that could potentially allow the attacker to issue FTP server commands if a user clicked on an FTP link. An attacker who successfully exploited this vulnerability could issue server commands as the user to servers.

Superceding Bulletin Id :

MS06-067

Patch Release Date :

Aug 8, 2006

CVE Id :

CVE-2006-3640

Affected Product Information

Product Name	Service Pack Name
Internet Explorer 6	Internet Explorer 6 SP1

File changes

File Path	Version
%windir%\system32\Browseui.dll	6.0.2800.1692
%windir%\system32\Cdfview.dll	6.0.2800.1612
%windir%\system32\Danim.dll	6.3.1.148
%windir%\system32\Dxtmsft.dll	6.3.2800.1557
%windir%\system32\Dxtrans.dll	6.3.2800.1557
%windir%\system32\Iepeers.dll	6.0.2800.1534
%windir%\system32\Inseng.dll	6.0.2800.1469
%windir%\system32\Jsproxy.dll	6.0.2800.1548
%windir%\system32\Mshtml.dll	6.0.2800.1561
%windir%\system32\Msrating.dll	6.0.2800.1623
%windir%\system32\Mstime.dll	6.0.2800.1537
%windir%\system32\Pngfilt.dll	6.0.2800.1505
%windir%\system32\Shdocvw.dll	6.0.2800.1849
%windir%\system32\Shlwapi.dll	6.0.2800.1740
%windir%\system32\Urlmon.dll	6.0.2800.1565
%windir%\system32\Wininet.dll	6.0.2800.1559

Registry changes

Registry Path	Key Name	Key Value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Internet Explorer 6\SP1\KB918899-IE6SP1-20060725.123917		-2

Patch Mgmt Features

Desktop Mgmt Features

Forums

Disclaimer: This webpage is intended to provide you information about patch announcements for certain specific software products. The information is provided "As Is" without warranty of any kind. The links provided point to pages on the vendors' websites. You can get more information by clicking the links to visit the relevant pages on the vendors' websites. Desktop Central is NOT endorsed by the vendors of the software products.