mfarley
02-11-2004, 12:15 PM
Mods, erase this post if Leroi has already posted it.
TITLE:
Internet Explorer Travel Log Arbitrary Script Execution Vulnerability
SECUNIA ADVISORY ID:
SA10765
VERIFY ADVISORY:
http://www.secunia.com/advisories/10765/
CRITICAL:
Highly critical
IMPACT:
System access
WHERE:
From remote
SOFTWARE:
Microsoft Internet Explorer 6
Microsoft Internet Explorer 5.5
Microsoft Internet Explorer 5.01
DESCRIPTION:
Microsoft has issued patches for Internet Explorer, which fix three
vulnerabilities. One of these can be exploited by malicious people to
compromise a user's system.
The vulnerability is caused due to an input validation error in
Internet Explorer's travel log, which is an interface used for
maintaining a list of recently visited sites.
This can be exploited via a specially crafted HTML document to inject
malicious URLs into the travel log, which will result in arbitrary
script code being executed when the URLs are parsed.
Successful exploitation will execute the script code in context of
the "MyComputer" security zone.
NOTE: This vulnerability seems to be the same as a priorly reported
vulnerability. The issued patches furthermore fix two other known
vulnerabilities (see "Other References" section).
SOLUTION:
Apply patches manually or via WindowsUpdate.
Internet Explorer 6 Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?FamilyId=70530968-B59A-47C0-90D3-0C884910BC97&displaylang=en
Internet Explorer 6 Service Pack 1 (64-Bit Edition):
http://www.microsoft.com/downloads/details.aspx?FamilyId=326EFFDA-8D86-4683-BC77-9BF410BC620D&displaylang=en
Internet Explorer 6 for Windows Server 2003:
http://www.microsoft.com/downloads/details.aspx?FamilyId=D78AE4F7-8852-4A04-B8F6-1DE327E598F0&displaylang=en
Internet Explorer 6 for Windows Server 2003 (64-Bit Edition):
http://www.microsoft.com/downloads/details.aspx?FamilyId=6A7894F0-789F-4152-9AE4-8DCB43404149&displaylang=en
Internet Explorer 6:
http://www.microsoft.com/downloads/details.aspx?FamilyId=BE0C18BC-7F9A-4196-BFDE-29EBA8CF7A50&displaylang=en
Internet Explorer 5.5 Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=EFFE87F6-7ACA-4A54-B767-5597DDE95C6F&displaylang=en
Internet Explorer 5.01 Service Pack 4:
http://www.microsoft.com/downloads/details.aspx?FamilyId=F5E74139-6E0E-49FD-9AA2-36D2D8454A92&displaylang=en
Internet Explorer 5.01 Service Pack 3:
http://www.microsoft.com/downloads/details.aspx?FamilyId=202D3AAC-6B56-4F4A-8C0F-4183C77B6B51&displaylang=en
Internet Explorer 5.01 Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=17904608-DCEE-4C99-A780-81D6DBC48DD5&displaylang=en
PROVIDED AND/OR DISCOVERED BY:
Microsoft credits Andreas Sandblad.
ORIGINAL ADVISORY:
http://www.microsoft.com/technet/security/bulletin/MS04-004.asp
OTHER REFERENCES:
SA10289:
http://www.secunia.com/advisories/10289/
SA10395:
http://www.secunia.com/advisories/10395/