



Microsoft Cumulative Security Update for Internet Explorer

Report ID: SA201006493
Source: F-Secure
Date of Discovery: 10.08.2010
Criticality: Critical
Affects:
Internet Explorer 6
Internet Explorer 7
Internet Explorer 8

Compromise From: From remote
Compromise Type: Exposure of sensitive information
Remote code execution

Summary

The latest release of Internet Explorer's cumulative security update resolves multiple vulnerabilities that could cause information disclosure and remote code execution. 

Detailed Description

Microsoft has released a cumulative security update for Internet Explorer that resolves multiple vulnerabilities that could cause information disclosure and remote code execution. The disclosed vulnerabilities are as follows:

  • An event handler cross-domain vulnerability, caused by incorrect interpretation of a script's origin, could allow a script to access a browser window from another domain.
  • Three uninitialized memory corruption vulnerabilities, caused by memory corruption resulting from an attempt to access an uninitialized or deleted object, could lead to remote code execution.
  • A race condition memory corruption vulnerability, caused by attempting to access a corrupted object, could lead to remote code execution.
  • An HTML layout memory corruption vulnerability, caused by attempting to access incorrectly initialized memory, could lead to remote code execution.

Solution

Install the latest update for the applicable version.

Windows XP Service Pack 3
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Vista Service Pack 1 and Service Pack 2
Windows Vista x64 Edition Service Pack 1 and Service Pack 2
Windows Server 2008 for 32-bit Systems and Service Pack 2
Windows Server 2008 for x64-based Systems and Service Pack 2
Windows Server 2008 for Itanium-based Systems and Service Pack 2
Windows 7 for 32-bit Systems
Windows 7 for x64-based Systems
Windows Server 2008 R2 for x64-based Systems
Windows Server 2008 R2 for Itanium-based Systems

**Server Core installation not affected.

Original Reference

CVE Reference

CVE-2010-1258
CVE-2010-2556
CVE-2010-2557
CVE-2010-2558
CVE-2010-2559
CVE-2010-2560