Dan
12-13-2005, 18:16
Get yer updates while ya can
Technical Cyber Security Alert TA05-347A
Microsoft Internet Explorer Vulnerabilities
Original release date: December 13, 2005
Last revised: --
Source: US-CERT
Systems Affected
* Microsoft Windows
* Microsoft Internet Explorer
For more complete information, refer to the Microsoft Security
Bulletin Summary for December 2005.
Overview
Microsoft has released updates that address critical vulnerabilities
in Internet Explorer (IE). A remote, unauthenticated attacker could
exploit these vulnerabilities to execute arbitrary code or cause a
denial of service on an affected system.
I. Description
The Microsoft Security Bulletins for December 2005 address
vulnerabilities in Microsoft Windows and Internet Explorer. By
convincing a user to view a specially crafted HTML document, such as a
web page or an HTML email message or attachment, an attacker could
execute arbitrary code with the privileges of the user. The attacker
could also cause IE or the program using the WebBrowser control to
crash.
Further information is available in the following US-CERT
Vulnerability Notes:
VU#887861 - Microsoft Internet Explorer vulnerable to code execution
via mismatched DOM objects
Microsoft Internet Explorer fails to properly handle requests to
mismatched DOM objects, which may allow a remote attacker to execute
arbitrary code on a vulnerable system.
(CVE-2005-1790)
VU#959049 - Several COM objects cause memory corruption in Microsoft
Internet Explorer
Microsoft Internet Explorer allows instantiation of COM objects not
designed for use in the browser, which may allow an attacker to
execute arbitrary code or crash IE.
(CVE-2005-2127)
II. Impact
A remote, unauthenticated attacker exploiting these vulnerabilities
could execute arbitrary code with the privileges of the user. If the
user is logged on with administrative privileges, the attacker could
take complete control of an affected system or cause a denial of
service.
III. Solution
Apply Updates
Microsoft has provided the updates for these and other vulnerabilities
in the December 2005 Security Bulletins and on the Microsoft Update
site.
Disable ActiveX
Disable ActiveX in the Internet Zone to further protect against the
vulnerabilities described in VU#959049 and VU#680526. Instructions for
disabling ActiveX are available in the CERT/CC Malicious Web Scripts
FAQ. Note that disabling ActiveX will reduce the functionality of some
web sites.
The updates provided by MS05-037, MS05-038, MS05-052, and MS05-054
block COM objects known to be vulnerable, however there may be more.
Appendix A. References
* Microsoft Security Bulletin Summary for December 2005 -
<http://www.microsoft.com/technet/security/bulletin/ms05-dec.mspx>
* Microsoft Security Bulletin MS05-054 -
<http://www.microsoft.com/technet/security/bulletin/MS05-054.mspx>
* Microsoft Security Bulletin MS05-052 -
<http://www.microsoft.com/technet/security/bulletin/MS05-052.mspx>
* Microsoft Security Bulletin MS05-038 -
<http://www.microsoft.com/technet/security/bulletin/MS05-038.mspx>
* Microsoft Security Bulletin MS05-037 -
<http://www.microsoft.com/technet/security/bulletin/MS05-037.mspx>
* US-CERT Vulnerability Note VU#887861 -
<http://www.kb.cert.org/vuls/id/887861>
* US-CERT Vulnerability Note VU#959049 -
<http://www.kb.cert.org/vuls/id/959049>
* US-CERT Vulnerability Note VU#680526 -
<http://www.kb.cert.org/vuls/id/680526>
* CVE-2005-1790 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1790>
* CVE-2005-2127 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2127>
* CERT/CC Malicious Web Scripts FAQ -
<http://www.cert.org/tech_tips/malicious_code_FAQ.html#ie56>
* Improve the safety of your browsing and e-mail activities -
<http://www.microsoft.com/athome/security/online/browsing_safety.m
spx>
* Security Essentials -
<http://www.microsoft.com/athome/security/protect/default.aspx>
* Microsoft Update - <https://update.microsoft.com/microsoftupdate>
__________________________________________________ _______________
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA05-347A.html>
__________________________________________________ _______________
Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "TA05-347A Feedback VU#887861" in the
subject.
__________________________________________________ _______________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
__________________________________________________ _______________
Produced 2005 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
__________________________________________________ _______________
Revision History
December 13, 2005: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBQ59LY30pj593lg50AQLb7AgAyoitGXFhQ5kbEXQwDy ZLsxMnA2NTH3NA
7Xo7HqFr230p0BwzusI48XbEUg/NVN4gEQEqaaI+Rq9hYbLj6mkmgYV0O3ljZ1Xq
zIHakv0GRA71JkC/npDEGeNxIgu3L0jNjnjrBc10Sh3gKTzLamfBpljhLUPkaa8V
SCjYJA3Tq9wJy8vyB+K0ApYYtLvW3LHsQIG3c4nKu/QPfn+uVSSrOFkeQq0JckDY
9P/hrCbfmG7jz8KVAhRl7w90zAZm/uIPUO0LUhBer1WebdUsu+cX/7q4/iDh16Dq
e74OK2S3P1hESn8wo7EYc/VL09aEw8k3EIfuFYO64EuQFu0Dd6Q39g==
=omN4
-----END PGP SIGNATURE-----
Technical Cyber Security Alert TA05-347A
Microsoft Internet Explorer Vulnerabilities
Original release date: December 13, 2005
Last revised: --
Source: US-CERT
Systems Affected
* Microsoft Windows
* Microsoft Internet Explorer
For more complete information, refer to the Microsoft Security
Bulletin Summary for December 2005.
Overview
Microsoft has released updates that address critical vulnerabilities
in Internet Explorer (IE). A remote, unauthenticated attacker could
exploit these vulnerabilities to execute arbitrary code or cause a
denial of service on an affected system.
I. Description
The Microsoft Security Bulletins for December 2005 address
vulnerabilities in Microsoft Windows and Internet Explorer. By
convincing a user to view a specially crafted HTML document, such as a
web page or an HTML email message or attachment, an attacker could
execute arbitrary code with the privileges of the user. The attacker
could also cause IE or the program using the WebBrowser control to
crash.
Further information is available in the following US-CERT
Vulnerability Notes:
VU#887861 - Microsoft Internet Explorer vulnerable to code execution
via mismatched DOM objects
Microsoft Internet Explorer fails to properly handle requests to
mismatched DOM objects, which may allow a remote attacker to execute
arbitrary code on a vulnerable system.
(CVE-2005-1790)
VU#959049 - Several COM objects cause memory corruption in Microsoft
Internet Explorer
Microsoft Internet Explorer allows instantiation of COM objects not
designed for use in the browser, which may allow an attacker to
execute arbitrary code or crash IE.
(CVE-2005-2127)
II. Impact
A remote, unauthenticated attacker exploiting these vulnerabilities
could execute arbitrary code with the privileges of the user. If the
user is logged on with administrative privileges, the attacker could
take complete control of an affected system or cause a denial of
service.
III. Solution
Apply Updates
Microsoft has provided the updates for these and other vulnerabilities
in the December 2005 Security Bulletins and on the Microsoft Update
site.
Disable ActiveX
Disable ActiveX in the Internet Zone to further protect against the
vulnerabilities described in VU#959049 and VU#680526. Instructions for
disabling ActiveX are available in the CERT/CC Malicious Web Scripts
FAQ. Note that disabling ActiveX will reduce the functionality of some
web sites.
The updates provided by MS05-037, MS05-038, MS05-052, and MS05-054
block COM objects known to be vulnerable, however there may be more.
Appendix A. References
* Microsoft Security Bulletin Summary for December 2005 -
<http://www.microsoft.com/technet/security/bulletin/ms05-dec.mspx>
* Microsoft Security Bulletin MS05-054 -
<http://www.microsoft.com/technet/security/bulletin/MS05-054.mspx>
* Microsoft Security Bulletin MS05-052 -
<http://www.microsoft.com/technet/security/bulletin/MS05-052.mspx>
* Microsoft Security Bulletin MS05-038 -
<http://www.microsoft.com/technet/security/bulletin/MS05-038.mspx>
* Microsoft Security Bulletin MS05-037 -
<http://www.microsoft.com/technet/security/bulletin/MS05-037.mspx>
* US-CERT Vulnerability Note VU#887861 -
<http://www.kb.cert.org/vuls/id/887861>
* US-CERT Vulnerability Note VU#959049 -
<http://www.kb.cert.org/vuls/id/959049>
* US-CERT Vulnerability Note VU#680526 -
<http://www.kb.cert.org/vuls/id/680526>
* CVE-2005-1790 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1790>
* CVE-2005-2127 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2127>
* CERT/CC Malicious Web Scripts FAQ -
<http://www.cert.org/tech_tips/malicious_code_FAQ.html#ie56>
* Improve the safety of your browsing and e-mail activities -
<http://www.microsoft.com/athome/security/online/browsing_safety.m
spx>
* Security Essentials -
<http://www.microsoft.com/athome/security/protect/default.aspx>
* Microsoft Update - <https://update.microsoft.com/microsoftupdate>
__________________________________________________ _______________
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA05-347A.html>
__________________________________________________ _______________
Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "TA05-347A Feedback VU#887861" in the
subject.
__________________________________________________ _______________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
__________________________________________________ _______________
Produced 2005 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
__________________________________________________ _______________
Revision History
December 13, 2005: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBQ59LY30pj593lg50AQLb7AgAyoitGXFhQ5kbEXQwDy ZLsxMnA2NTH3NA
7Xo7HqFr230p0BwzusI48XbEUg/NVN4gEQEqaaI+Rq9hYbLj6mkmgYV0O3ljZ1Xq
zIHakv0GRA71JkC/npDEGeNxIgu3L0jNjnjrBc10Sh3gKTzLamfBpljhLUPkaa8V
SCjYJA3Tq9wJy8vyB+K0ApYYtLvW3LHsQIG3c4nKu/QPfn+uVSSrOFkeQq0JckDY
9P/hrCbfmG7jz8KVAhRl7w90zAZm/uIPUO0LUhBer1WebdUsu+cX/7q4/iDh16Dq
e74OK2S3P1hESn8wo7EYc/VL09aEw8k3EIfuFYO64EuQFu0Dd6Q39g==
=omN4
-----END PGP SIGNATURE-----