| MS06-021 Bulletin Details |
Microsoft Security Bulletins |
| Bulletin ID: | MS06-021 |
| Title | Cumulative Security Update for Internet Explorer (916281). |
| Summary: | 1. Exception Handling Memory Corruption Vulnerability :
A remote code execution vulnerability exists in the way Internet Explorer handles exceptional conditions. As a result, system memory may be corrupted in such a way that an attacker could execute arbitrary code if a user visited a specially crafted Web site. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
2. HTML Decoding Memory Corruption Vulnerability :
A remote code execution vulnerability exists in the way Internet Explorer decodes specially crafted UTF-8 encoded HTML. An attacker could exploit the vulnerability by constructing a specially crafted Web page that could potentially allow remote code execution if a user visited the specially crafted Web site. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
3. ActiveX Control Memory Corruption Vulnerability :
A remote code execution vulnerability exists in the DXImageTransform.Microsoft.Light ActiveX control if passed unexpected data. An attacker could exploit the vulnerability by constructing a specially crafted Web page that could potentially allow remote code execution if a user visited the specially crafted Web site. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
4. COM Object Instantiation Memory Corruption Vulnerability :
A remote code execution vulnerability exists in the way Internet Explorer instantiates COM objects that are not intended to be instantiated in Internet Explorer. An attacker could exploit the vulnerability by constructing a specially crafted Web page that could potentially allow remote code execution if a user visited the specially crafted Web site. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
5. CSS Cross-Domain Information Disclosure Vulnerability :
An information disclosure vulnerability exists in Internet Explorer because it incorrectly interprets a specially crafted document as a cascading style sheet (CSS). An attacker could exploit the vulnerability by constructing a specially crafted Web page that could potentially lead to information disclosure if a user visited a specially crafted Web site or clicked a link in a specially crafted e-mail message. An attacker who successfully exploited this vulnerability could read file data from another Internet Explorer domain. However, user interaction is required to exploit this vulnerability.
6. Address Bar Spoofing Vulnerability :
A spoofing vulnerability exists in Internet Explorer that could allow an attacker to display spoofed content in a browser window. The address bar and other parts of the trust UI can be displayed from trusted Web sites but the content of the window contains the attacker's Web page.
7. MHT Memory Corruption Vulnerability :
A remote code execution vulnerability exists in the way Internet Explorer saves multipart HTML (.mht) files. An attacker could exploit the vulnerability by constructing a specially crafted Web page and convincing a user to save this Web page as a multipart HTML file, which could potentially allow remote code execution. An attacker who successfully exploited this vulnerability could take complete control of an affected system; however, significant user interaction is required.
8. Address Bar Spoofing Vulnerability :
A spoofing vulnerability exists in Internet Explorer that could allow an attacker to display spoofed content in a browser window. The address bar and other parts of the trust UI can be displayed from trusted Web sites but the content of the window contains the attacker's Web page.
|
| Knowledgebase: |
916281 |
List of Patches
|