Информационная безопасность
[RU] switch to English


Многочисленные уязвимости безопасности в Microsoft Internet Explorer
дополнено с 15 июня 2011 г.
Опубликовано:22 июля 2011 г.
Источник:
SecurityVulns ID:11729
Тип:клиент
Уровень опасности:
9/10
Описание:Скриптинг между приложениями в обработчике mhtml, повреждения памяти в VML, многочисленные повреждения памяти в Internet explorer, утечка информации.
Затронутые продукты:MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
CVE:CVE-2011-1894 (The MHTML protocol handler in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle a MIME format in a request for embedded content in an HTML document, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted EMBED element in a web page that is visited in Internet Explorer, aka "MHTML Mime-Formatted Request Vulnerability.")
 CVE-2011-1266 (The Vector Markup Language (VML) implementation in vgx.dll in Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "VML Memory Corruption Vulnerability.")
 CVE-2011-1262 (Microsoft Internet Explorer 7 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "HTTP Redirect Memory Corruption Vulnerability.")
 CVE-2011-1261 (Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Selection Object Memory Corruption Vulnerability.")
 CVE-2011-1260 (Microsoft Internet Explorer 8 and 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Layout Memory Corruption Vulnerability.")
 CVE-2011-1258 (Microsoft Internet Explorer 6 through 8 does not properly restrict web script, which allows user-assisted remote attackers to obtain sensitive information from a different (1) domain or (2) zone via vectors involving a drag-and-drop operation, aka "Drag and Drop Information Disclosure Vulnerability.")
 CVE-2011-1256 (Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "DOM Modification Memory Corruption Vulnerability.")
 CVE-2011-1255 (The Timed Interactive Multimedia Extensions (aka HTML+TIME) implementation in Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Time Element Memory Corruption Vulnerability.")
 CVE-2011-1254 (Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Drag and Drop Memory Corruption Vulnerability.")
 CVE-2011-1252 (Cross-site scripting (XSS) vulnerability in the SafeHTML function in the toStaticHTML API in Microsoft Internet Explorer 7 and 8, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified strings, aka "toStaticHTML Information Disclosure Vulnerability" or "HTML Sanitization Vulnerability.")
 CVE-2011-1251 (Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "DOM Manipulation Memory Corruption Vulnerability.")
 CVE-2011-1250 (Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Link Properties Handling Memory Corruption Vulnerability.")
 CVE-2011-1246 (Microsoft Internet Explorer 8 does not properly handle content settings in HTTP responses, which allows remote web servers to obtain sensitive information from a different (1) domain or (2) zone via a crafted response, aka "MIME Sniffing Information Disclosure Vulnerability.")
Оригинальный текстdocumentIBM, Microsoft Internet Explorer 'toStaticHTML' HTML Sanitizing Information Disclosure (22.07.2011)
 documentNsfocus Security Team, NSFOCUS SA2011-01 : Microsoft Internet Explorer Link Property Processing Memory Corruption Vulnerability (19.06.2011)
 documentZDI, ZDI-11-197: Microsoft Internet Explorer vgx.dll imagedata Remote Code Execution Vulnerability (19.06.2011)
 documentZDI, ZDI-11-198: (Pwn2Own) Microsoft Internet Explorer Uninitialized Variable Information Leak Vulnerability (19.06.2011)
 documentZDI, ZDI-11-194: Microsoft Internet Explorer layout-grid-char style Remote Code Execution Vulnerability (19.06.2011)
 documentZDI, ZDI-11-195: Microsoft Internet Explorer selection.empty Remote Code Execution Vulnerability (19.06.2011)
 documentZDI, ZDI-11-193: Microsoft Internet Explorer DOM Modification Race Remote Code Execution Vulnerability (19.06.2011)
 documentZDI, ZDI-11-196: Microsoft Internet Explorer HTTP 302 Redirect Remote Code Execution Vulnerability (19.06.2011)
Файлы:Microsoft Security Bulletin MS11-037 - Important Vulnerability in MHTML Could Allow Information Disclosure (2544893)
 Microsoft Security Bulletin MS11-052 - Important Vulnerability in MHTML Could Allow Information Disclosure (2544893)
 Microsoft Security Bulletin MS11-050 - Critical Cumulative Security Update for Internet Explorer (2530548)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород