Update for Microsoft Internet Explorer HTML Elements Vulnerability

04/12/2004 - 17:35 by Windows
Update for Microsoft Internet Explorer HTML Elements Vulnerability
http://www.us-cert.gov/cas/techaler...-336A.html

Original release date: December 1, 2004
Last revised: December 3, 2004
Source: US-CERT

Systems Affected

Microsoft Windows systems running

* Internet Explorer versions 6 and later (see MS04-040 for
affected software and components)
* Other programs that host the WebBrowser ActiveX control


Overview

Microsoft Security Bulletin MS04-040 contains an update to fix a
buffer overflow vulnerability in Internet Explorer.

I. Description

TA04-315A describes a buffer overflow vulnerability in Microsoft
Internet Explorer HTML elements that could allow a remote attacker to
execute arbitrary code. Note that any program that hosts the
WebBrowser ActiveX control could be affected. Microsoft Security
Bulletin MS04-040 contains an update to fix this vulnerability.

The vulnerability is described in further detail in VU#842160.

II. Impact

By convincing a user to view a specially crafted HTML document (e.g.,
a web page or an HTML email message), an attacker could execute
arbitrary code with the privileges of the user. The attacker could
also cause IE to crash.

Reports indicate that this vulnerability is being exploited by
malicious code referred to as MyDoom.{AG,AH,AI} or Bofra.

III. Solution

Install an update

Install the appropriate update according to Microsoft Security
Bulletin MS04-040. For additional information about the update,
including possible adverse effects, please see Microsoft Knowledge
Base articles 889293 and 889669.

Internet Explorer 6 on Windows XP SP2 is not vulnerable. Please see
MS04-040 for information about affected software and components.

Appendix A. References

* Microsoft Security Bulletin MS04-040 -
<http://www.microsoft.com/technet/se...0.mspx>
* MS04-040: Cumulative Security Update for Internet Explorer (IE
6.0 SP1) - <http://support.microsoft.com/kb/889293>
* An update rollup is available for Internet Explorer 6 SP1 -
<http://support.microsoft.com/kb/889669>
* US-CERT Technical Cyber Security Alert TA04-315A -
<http://www.us-cert.gov/cas/techaler...A.html>
* Vulnerability Note VU#842160 -
<http://www.kb.cert.org/vuls/id/842160>
* About the Browser (Internet Explorer - WebBrowser) -
<http://msdn.microsoft.com/workshop/...ew.asp>


Feedback can be directed to the authors: Will Dormann and Art Manion.

Copyright 2004 Carnegie Mellon University. Terms of use

Revision History

December 1, 2004: Initial release
December 3, 2004: Added information about IE 6 on Windows XP SP2
 


#1 Carlos Lasarte
04/12/2004 - 18:47
OT

I hope this solves your problem; if not, don't hesitate to ask again.
For the security of your computer, install Windows XP SP2
http://www.microsoft.com/downloads/...p;FamilyID9c9dbe-3b8e-4f30-8245-9e368d3cdb5a

Regards
Carlos Lasarte

Windows XP Home
