Информационная безопасность
[RU] switch to English


Многочисленные уязвимости безопасности в Microsoft Internet Explorer
дополнено с 13 октября 2009 г.
Опубликовано:14 октября 2009 г.
Источник:
SecurityVulns ID:10313
Тип:клиент
Уровень опасности:
7/10
Описание:Многочисленные повреждения памяти.
Затронутые продукты:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
CVE:CVE-2009-2531 (Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-2530.)
 CVE-2009-2530 (Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-2531.)
 CVE-2009-2529 (Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not properly handle argument validation for unspecified variables, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "HTML Component Handling Vulnerability.")
 CVE-2009-1547 (Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via a crafted data stream header that triggers memory corruption, aka "Data Stream Header Corruption Vulnerability.")
Оригинальный текстdocumentZDI, ZDI-09-071: Microsoft Internet Explorer writing-mode Memory Corruption Vulnerability (14.10.2009)
 documentZDI, ZDI-09-070: Microsoft Internet Explorer Event Object Type Double-Free Vulnerability (14.10.2009)
 documentBerend-Jan Wever, MSIE Content-Encoding: deflate memory corruption vulnerability (14.10.2009)
 documentMICROSOFT, Microsoft Security Bulletin MS09-054 - Critical Cumulative Security Update for Internet Explorer (974455) (13.10.2009)
Файлы:Microsoft Security Bulletin MS09-054 - Critical Cumulative Security Update for Internet Explorer (974455)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород