[NEWS] Microsoft Internet Explorer Property Method Remote Memory Corruption Vulnerabi

[c.m.g]

12 febbraio 2008

Microsoft Internet Explorer Property Method Remote Memory Corruption Vulnerability

Il sito di sicurezza Security Focus riporta una vulnerabilità in Microsoft Internet Explorer che è incline a un attacco di tipo remote memory-corruption.

Un malintenzionato, da remoto, può usare questo bug per eseguire codice arbitrario (presumibilmente dannoso) nel contesto di una sessione di navigazione da parte di un utente ignaro che usa il browser su citato.

Lo sfruttamento con successo di questo tipo di attacco porterebbe al crash dell'applicazione od a una condizione di attacco di denial-of-service.

Nello specifico, le versioni vulnerabili sono:

Microsoft Internet Explorer 6.0 SP1
Microsoft Internet Explorer 6.0 (che girano su)
- Citrix ICA Client for Windows 4.0 SP6a
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Terminal Services SP2
- Microsoft Windows 2000 Terminal Services SP2
- Microsoft Windows 2000 Terminal Services SP1
- Microsoft Windows 2000 Terminal Services SP1
- Microsoft Windows 2000 Terminal Services
- Microsoft Windows 2000 Terminal Services
- Microsoft Windows 98
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows ME
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6a
+ Microsoft Windows Server 2003 Datacenter Edition
+ Microsoft Windows Server 2003 Datacenter Edition
+ Microsoft Windows Server 2003 Datacenter Edition Itanium 0
+ Microsoft Windows Server 2003 Enterprise Edition
+ Microsoft Windows Server 2003 Enterprise Edition
+ Microsoft Windows Server 2003 Enterprise Edition Itanium 0
+ Microsoft Windows Server 2003 Enterprise Edition Itanium 0
+ Microsoft Windows Server 2003 Standard Edition
+ Microsoft Windows Server 2003 Standard Edition
+ Microsoft Windows Server 2003 Web Edition
+ Microsoft Windows Server 2003 Web Edition
+ Microsoft Windows XP Home
+ Microsoft Windows XP Home
+ Microsoft Windows XP Professional
+ Microsoft Windows XP Professional
Microsoft Internet Explorer 7.0 (che gira su)
+ Microsoft Windows Vista Ultimate
+ Microsoft Windows Vista Ultimate
+ Microsoft Windows Vista Ultimate
+ Microsoft Windows Vista Home Premium
+ Microsoft Windows Vista Home Premium
+ Microsoft Windows Vista Home Premium
+ Microsoft Windows Vista Home Basic
+ Microsoft Windows Vista Home Basic
+ Microsoft Windows Vista Home Basic
+ Microsoft Windows Vista Enterprise
+ Microsoft Windows Vista Enterprise
+ Microsoft Windows Vista Enterprise
+ Microsoft Windows Vista Business
+ Microsoft Windows Vista Business
+ Microsoft Windows Vista Business
+ Microsoft Windows Vista 0
+ Microsoft Windows Vista 0
+ Microsoft Windows Vista 0
+ Microsoft Windows Vista 0

Soluzioni:

Microsoft ha rilasciato dei bollettini di sicurezza e una patch (al momento solo la versione 6 risulta patchata). fare riferimento ai referenti bollettini quì sotto per maggiori info.

Microsoft Internet Explorer 6.0 SP1
Microsoft Cumulative Security Update for Internet Explorer 6 SP1 (KB944533)
http://www.microsoft.com/downloads/d...=87E66DCE-5060 -4814-8754-829B4E190359&displaylang=en


Microsoft Internet Explorer 6.0
Microsoft Cumulative Security Update for Internet Explorer for Windows Server 2003 (KB944533)
http://www.microsoft.com/downloads/d...=429B7ED1-FE78 -459A-B834-D0F3C69CB703&displaylang=en

Microsoft Cumulative Security Update for Internet Explorer for Windows Server 2003 x64 Edition (KB944533)
http://www.microsoft.com/downloads/d...=E989E23C-38BB -4FE7-A830-D7BDF7659392&displaylang=en

Microsoft Cumulative Security Update for Internet Explorer for Windows XP Service Pack 2 (KB944533)
http://www.microsoft.com/downloads/d...=BB2AA3CB-021F -4890-AB20-2A51F8E17554&displaylang=en

Microsoft Cumulative Security Update for Internet Explorer for Windows XP x64 Edition (KB944533)
http://www.microsoft.com/downloads/d...=8989F576-8B30 -4866-90EC-929D24F3B409&displaylang=en


Fonte: SecurityFocus