Patch Management Software
 
MS06-072 Bulletin Details Microsoft Security Bulletins

Bulletin ID:MS06-072
TitleCumulative Security Update for Internet Explorer (925454)
Summary: A remote code execution vulnerability exists in Internet Explorer due to attempts to access previously freed memory when handling script errors in certain situations. An attacker could exploit the vulnerability by constructing a specially crafted Web page. If a user viewed the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

A remote code execution vulnerability exists in the way Internet Explorer interprets certain DHTML script function calls to incorrectly created elements. An attacker could exploit the vulnerability by constructing a specially crafted Web page that could potentially allow remote code execution if a user viewed the Web page. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

An information disclosure vulnerability exists in Internet Explorer in the way that drag and drop operations are handled in certain situations. An attacker could exploit the vulnerability by constructing a specially crafted Web page that could allow for information disclosure if a user viewed and interacted with the Web page. An attacker who successfully exploited this vulnerability would be able to retrieve files from the Temporary Internet Files (TIF) folder on a user’s system.

An information disclosure vulnerability exists in Internet Explorer in certain scenarios where the path to the cached content in the TIF folder could be disclosed. An attacker could exploit the vulnerability by constructing a specially crafted Web page that could allow for information disclosure if a user viewed the Web page. An attacker who successfully exploited this vulnerability would be able to retrieve files from the Temporary Internet Files (TIF) folder on a user’s system. However, user interaction is required to exploit this vulnerability.
Knowledgebase: 925454


List of Patches

S.No Patch Name Severity
1.IE5.01sp4-KB925454-Windows2000sp4-x86-ENU.exeImportant
2.IE6.0sp1-KB925454-Windows2000-x86-ENU.exeCritical
3.WindowsServer2003-KB925454-x86-ENU.exeModerate
4.WindowsServer2003-SP1-KB925454-x86-ENU.exeModerate
5.WindowsXP-KB925454-x86-ENU.exeCritical

 
Disclaimer: This webpage is intended to provide you information about patch announcements for certain specific software products. The information is provided "As Is" without warranty of any kind. The links provided point to pages on the vendors' websites. You can get more information by clicking the links to visit the relevant pages on the vendors' websites. Desktop Central is NOT endorsed by the vendors of the software products.
© 2012, ZOHO Corp. All rights reserved. Trademarks | Privacy Policy | Site Map | Contact Us | Careers | Tell Us