Patch Management Software
 
MS06-042 Bulletin Details Microsoft Security Bulletins

Bulletin ID:MS06-042
TitleCumulative Security Update for Internet Explorer (918899)
Summary: Redirect Cross-Domain Information Disclosure Vulnerability - CVE-2006-3280:

An information disclosure vulnerability exists in Internet Explorer in the way that a redirect is handled. An attacker could exploit the vulnerability by constructing a specially crafted Web page that could allow for information disclosure if a user viewed the Web page. An attacker who successfully exploited this vulnerability could read file data from a Web page in another Internet Explorer domain. This other Web page must use gzip encoding or some other compression type supported by Internet Explorer for any information disclosure to occur. This other Web page must also be cached on the client side for a successful exploit.

HTML Layout and Positioning Memory Corruption Vulnerability - CVE-2006-3450:

A remote code execution vulnerability exists in the way Internet Explorer interprets HTML with certain layout positioning combinations. An attacker could exploit the vulnerability by constructing a specially crafted Web page that could potentially allow remote code execution if a user viewed the Web page. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

CSS Memory Corruption Vulnerability - CVE-2006-3451:

A remote code execution vulnerability exists in the way Internet Explorer handles chained Cascading Style Sheets (CSS). An attacker could exploit the vulnerability by constructing a specially crafted Web page that could potentially allow remote code execution if a user viewed the Web page. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

HTML Rendering Memory Corruption Vulnerability - CVE-2006-3637:

A remote code execution vulnerability exists in the way Internet Explorer interprets HTML with certain layout combinations. An attacker could exploit the vulnerability by constructing a specially crafted Web page that could potentially allow remote code execution if a user viewed the Web page. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

COM Object Instantiation Memory Corruption Vulnerability - CVE-2006-3638:

A remote code execution vulnerability exists in the way Internet Explorer instantiates COM objects that are not intended to be instantiated in Internet Explorer. An attacker could exploit the vulnerability by constructing a specially crafted Web page that could potentially allow remote code execution if a user viewed the Web page. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

Source Element Cross-Domain Vulnerability - CVE-2006-3639:

A remote code execution and information disclosure vulnerability exists in Internet Explorer in the way that a redirect is handled. An attacker could exploit the vulnerability by constructing a specially crafted Web page that could allow for information disclosure if a user viewed the Web page. An attacker who successfully exploited this vulnerability could read file data from a Web page in another Internet Explorer domain.

Window Location Information Disclosure Vulnerability - CVE-2006-3640:

An information disclosure vulnerability exists in Internet Explorer where script can be persisted across navigations and used to gain access to the location of a Window in another domain or Internet Explorer zone. An attacker could exploit the vulnerability by constructing a specially crafted Web page that could allow for information disclosure if a user viewed the Web page. An attacker who successfully exploited this vulnerability could gain access to the Window location of a Web page in another domain or Internet Explorer zone.

FTP Server Command Injection Vulnerability - CVE-2004-1166:

An elevation of privilege vulnerability exists in the way Internet Explorer handles specially crafted FTP links that contain line feeds. An attacker could exploit the vulnerability by constructing a specially crafted Web page that could potentially allow the attacker to issue FTP server commands if a user clicked on an FTP link. An attacker who successfully exploited this vulnerability could issue server commands as the user to servers.

Knowledgebase: 918899


List of Patches

S.No Patch Name Severity
1.IE5.01sp4-KB918899-Windows2000sp4-x86-ENU.exeCritical
2.IE6.0sp1-KB918899-Windows-2000-XP-x86-ENU.exeCritical
3.WindowsServer2003-KB918899-x86-ENU.exeCritical
4.WindowsServer2003-SP1-KB918899-x86-ENU.exeCritical
5.WindowsXP-KB918899-x86-ENU.exeCritical

 
Disclaimer: This webpage is intended to provide you information about patch announcements for certain specific software products. The information is provided "As Is" without warranty of any kind. The links provided point to pages on the vendors' websites. You can get more information by clicking the links to visit the relevant pages on the vendors' websites. Desktop Central is NOT endorsed by the vendors of the software products.
© 2012, ZOHO Corp. All rights reserved. Trademarks | Privacy Policy | Site Map | Contact Us | Careers | Tell Us