Информационная безопасность
[RU] switch to English


Многочисленные уязвимости безопасности в Microsoft Internet Explorer
дополнено с 10 декабря 2008 г.
Опубликовано:29 декабря 2008 г.
Источник:
SecurityVulns ID:9496
Тип:клиент
Уровень опасности:
9/10
Описание:Многочисленные повреждения памяти.
Затронутые продукты:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
CVE:CVE-2008-4261 (Stack-based buffer overflow in Microsoft Internet Explorer 5.01 SP4, 6 SP1 on Windows 2000, and 6 on Windows XP and Server 2003 does not properly handle extraneous data associated with an object embedded in a web page, which allows remote attackers to execute arbitrary code via crafted HTML tags that trigger memory corruption, aka "HTML Rendering Memory Corruption Vulnerability.")
 CVE-2008-4260 (Microsoft Internet Explorer 7 sometimes attempts to access a deleted object, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "Uninitialized Memory Corruption Vulnerability.")
 CVE-2008-4259 (Microsoft Internet Explorer 7 sometimes attempts to access uninitialized memory locations, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, related to a WebDAV request for a file with a long name, aka "HTML Objects Memory Corruption Vulnerability.")
 CVE-2008-4258 (Microsoft Internet Explorer 5.01 SP4 and 6 SP1 does not properly validate parameters during calls to navigation methods, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "Parameter Validation Memory Corruption Vulnerability.")
Оригинальный текстdocumentBrett Moore, [Full-disclosure] Insomnia : ISVA-081209.1 - IE Webdav Request Parsing Heap Corruption Vulnerability (10.12.2008)
 documentZDI, ZDI-08-087: Microsoft Internet Explorer Webdav Request Parsing Heap Corruption Vulnerability (10.12.2008)
 documentIDEFENSE, iDefense Security Advisory 12.09.08: Microsoft Internet Explorer 5.01 EMBED tag Long File Name Extension Stack Buffer Overflow Vulnerability (iDefense Exclusive) (10.12.2008)
 documentMICROSOFT, Microsoft Security Bulletin MS08-073 - Critical Cumulative Security Update for Internet Explorer (958215) (10.12.2008)
Файлы: Microsoft Internet Explorer XML Buffer Overflow Exploit
  Microsoft Security Bulletin MS08-073 - Critical Cumulative Security Update for Internet Explorer (958215)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород