F-Secure
Tools
Microsoft Internet Explorer Two Code Execution Vulnerabilities
| Report ID: | SA200900739 |
| Source: | Secunia |
| Date of Discovery: | 10.02.2009 |
| Criticality: | Urgent |
| Affects: | Microsoft Internet Explorer 7.x |
| Compromise From: | From remote |
| Compromise Type: | System access |
Summary
Two vulnerabilities have been reported in Microsoft Internet Explorer, which can be exploited by malicious people to compromise a user's system.
Detailed Description
1) An unspecified error exists due to the use of a previously deleted object. This can be exploited to corrupt memory and execute arbitrary code when a user e.g. visits a malicious web site.
2) An unspecified error exists within the handling of Cascading Style Sheets (CSS). This can be exploited to cause a memory corruption and execute arbitrary code when a user e.g. visits a specially crafted web site.
2) An unspecified error exists within the handling of Cascading Style Sheets (CSS). This can be exploited to cause a memory corruption and execute arbitrary code when a user e.g. visits a specially crafted web site.
Solution
Apply patches.
Windows XP SP2/SP3:
http://www.microsoft.com/downloads/de...=8cd902ec-e018-4b61-80f9-825d973f998e
Windows XP Professional x64 Edition (optionally with SP2):
http://www.microsoft.com/downloads/de...=dd3e2236-9cc0-478e-a46c-981ef685c0e3
Windows Server 2003 SP1/SP2:
http://www.microsoft.com/downloads/de...=e52aa1fd-e694-4322-b3ff-6abc1b4a16fe
Windows Server 2003 x64 Edition (optionally with SP2):
http://www.microsoft.com/downloads/de...=edbf1566-b96b-4c7d-98fe-b15f8e766792
Windows Server 2003 with SP1/SP2 for Itanium-based systems:
http://www.microsoft.com/downloads/de...=5ce78797-d1c0-40d4-84e1-1004389833be
Windows Vista (optionally with SP1):
http://www.microsoft.com/downloads/de...=5f9fa4b6-85a4-43bc-b84f-6bd847799650
Windows Vista x64 Edition (optionally with SP1):
http://www.microsoft.com/downloads/de...=e9a8c94b-b9d2-4d64-855f-b5f02ce3dfb5
Windows Server 2008 for 32-bit Systems:
http://www.microsoft.com/downloads/de...=2491dbf2-7cd3-44f1-bfad-77e6f760a25c
Windows Server 2008 for x64-based Systems:
http://www.microsoft.com/downloads/de...=794373cc-2dce-4ef5-af50-7804c622c230
Windows Server 2008 for Itanium-based systems:
http://www.microsoft.com/downloads/de...=11985325-4b33-4077-82cf-6afc7a71c510
Windows XP SP2/SP3:
http://www.microsoft.com/downloads/de...=8cd902ec-e018-4b61-80f9-825d973f998e
Windows XP Professional x64 Edition (optionally with SP2):
http://www.microsoft.com/downloads/de...=dd3e2236-9cc0-478e-a46c-981ef685c0e3
Windows Server 2003 SP1/SP2:
http://www.microsoft.com/downloads/de...=e52aa1fd-e694-4322-b3ff-6abc1b4a16fe
Windows Server 2003 x64 Edition (optionally with SP2):
http://www.microsoft.com/downloads/de...=edbf1566-b96b-4c7d-98fe-b15f8e766792
Windows Server 2003 with SP1/SP2 for Itanium-based systems:
http://www.microsoft.com/downloads/de...=5ce78797-d1c0-40d4-84e1-1004389833be
Windows Vista (optionally with SP1):
http://www.microsoft.com/downloads/de...=5f9fa4b6-85a4-43bc-b84f-6bd847799650
Windows Vista x64 Edition (optionally with SP1):
http://www.microsoft.com/downloads/de...=e9a8c94b-b9d2-4d64-855f-b5f02ce3dfb5
Windows Server 2008 for 32-bit Systems:
http://www.microsoft.com/downloads/de...=2491dbf2-7cd3-44f1-bfad-77e6f760a25c
Windows Server 2008 for x64-based Systems:
http://www.microsoft.com/downloads/de...=794373cc-2dce-4ef5-af50-7804c622c230
Windows Server 2008 for Itanium-based systems:
http://www.microsoft.com/downloads/de...=11985325-4b33-4077-82cf-6afc7a71c510
Original Reference
MS09-002 (KB961260):
http://www.microsoft.com/technet/security/bulletin/ms09-002.mspx
http://www.microsoft.com/technet/security/bulletin/ms09-002.mspx