Patch Management Software
 
MS06-021 Bulletin Details Microsoft Security Bulletins

Bulletin ID:MS06-021
TitleCumulative Security Update for Internet Explorer (916281).
Summary: 1. Exception Handling Memory Corruption Vulnerability :     A remote code execution vulnerability exists in the way Internet Explorer handles exceptional conditions. As a result, system memory may be corrupted in such a way that an attacker could execute arbitrary code if a user visited a specially crafted Web site. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

2. HTML Decoding Memory Corruption Vulnerability :     A remote code execution vulnerability exists in the way Internet Explorer decodes specially crafted UTF-8 encoded HTML. An attacker could exploit the vulnerability by constructing a specially crafted Web page that could potentially allow remote code execution if a user visited the specially crafted Web site. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

3. ActiveX Control Memory Corruption Vulnerability :     A remote code execution vulnerability exists in the DXImageTransform.Microsoft.Light ActiveX control if passed unexpected data. An attacker could exploit the vulnerability by constructing a specially crafted Web page that could potentially allow remote code execution if a user visited the specially crafted Web site. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

4. COM Object Instantiation Memory Corruption Vulnerability :     A remote code execution vulnerability exists in the way Internet Explorer instantiates COM objects that are not intended to be instantiated in Internet Explorer. An attacker could exploit the vulnerability by constructing a specially crafted Web page that could potentially allow remote code execution if a user visited the specially crafted Web site. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

5. CSS Cross-Domain Information Disclosure Vulnerability :     An information disclosure vulnerability exists in Internet Explorer because it incorrectly interprets a specially crafted document as a cascading style sheet (CSS). An attacker could exploit the vulnerability by constructing a specially crafted Web page that could potentially lead to information disclosure if a user visited a specially crafted Web site or clicked a link in a specially crafted e-mail message. An attacker who successfully exploited this vulnerability could read file data from another Internet Explorer domain. However, user interaction is required to exploit this vulnerability.

6. Address Bar Spoofing Vulnerability :     A spoofing vulnerability exists in Internet Explorer that could allow an attacker to display spoofed content in a browser window. The address bar and other parts of the trust UI can be displayed from trusted Web sites but the content of the window contains the attacker’s Web page.

7. MHT Memory Corruption Vulnerability :     A remote code execution vulnerability exists in the way Internet Explorer saves multipart HTML (.mht) files. An attacker could exploit the vulnerability by constructing a specially crafted Web page and convince a user to save this Web page as a multipart HTML file that could potentially allow remote code execution. An attacker who successfully exploited this vulnerability could take complete control of an affected system however significant user interaction is required.

8. Address Bar Spoofing Vulnerability :     A spoofing vulnerability exists in Internet Explorer that could allow an attacker to display spoofed content in a browser window. The address bar and other parts of the trust UI can be displayed from trusted Web sites but the content of the window contains the attacker’s Web page.
Knowledgebase: 916281


List of Patches

S.No Patch Name Severity
1.IE5.01sp4-KB916281-Windows2000sp4-x86-ENU.exeCritical
2.IE6.0sp1-KB916281-Windows-2000-XP-x86-ENU.exeCritical
3.WindowsServer2003-KB916281-x86-ENU.exeCritical
4.WindowsServer2003-SP1-KB916281-x86-ENU.exeCritical
5.WindowsXP-KB916281-x86-ENU.exeCritical

 
Disclaimer: This webpage is intended to provide you information about patch announcements for certain specific software products. The information is provided "As Is" without warranty of any kind. The links provided point to pages on the vendors' websites. You can get more information by clicking the links to visit the relevant pages on the vendors' websites. Desktop Central is NOT endorsed by the vendors of the software products.
© 2012, ZOHO Corp. All rights reserved. Trademarks | Privacy Policy | Site Map | Contact Us | Careers | Tell Us