Windows : Microsoft Bulletins : Microsoft Internet Explorer Data Stream Handling Remote Code Execution Vulnerability (947864)

Price/Feature Summary | Order | New Vulnerabilities | Confidentiality | Vulnerability Search

Vulnerability Search		Search 61204 CVE descriptions and 32582 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.801488

Category: Windows : Microsoft Bulletins

Title: Microsoft Internet Explorer Data Stream Handling Remote Code Execution Vulnerability (947864)

Summary: Check for the vulnerable mshtml.dll file version

Description:
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS08-024.

Vulnerability Insight:
The flaw is due to a memory corruption error in Internet Explorer when
processing specially crafted data streams.

Impact:
Successful exploitation will allow attacker to execute arbitrary code with
the privileges of the application. Failed attacks may cause denial-of-service
conditions.

Impact Level: System/Application

Affected Software/OS:
Microsoft Internet Explorer version 5.x/6.x/7.x

Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/bulletin/ms08-024.mspx

References:
http://secunia.com/advisories/27707
http://www.vupen.com/english/advisories/2008/1148/references
http://www.microsoft.com/technet/security/bulletin/ms08-024.mspx

Cross-Ref: BugTraq ID: 28552
Common Vulnerability Exposure (CVE) ID: CVE-2008-1085
Bugtraq: 20080414 Secunia Research: Internet Explorer Data Stream HandlingVulnerability (Google Search)
http://www.securityfocus.com/archive/1/archive/1/490840/100/0/threaded
http://secunia.com/secunia_research/2007-100/advisory/
HPdes Security Advisory: HPSBST02329
http://marc.info/?l=bugtraq&m=120845064910729&w=2
HPdes Security Advisory: SSRT080048
Microsoft Security Bulletin: MS08-024
http://www.microsoft.com/technet/security/bulletin/ms08-024.mspx
Cert/CC Advisory: TA08-099A
http://www.us-cert.gov/cas/techalerts/TA08-099A.html
http://www.securityfocus.com/bid/28552
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5563
http://www.vupen.com/english/advisories/2008/1148/references
http://www.securitytracker.com/id?1019801
http://secunia.com/advisories/27707

Copyright Copyright (C) 2011 Greenbone Networks GmbH

This is only one of 32582 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

New User Registration
Email:

UserID:

Passwd:

Please email me your monthly newsletters, informing the latest services, improvements & surveys.

Please email me a vulnerability test announcement whenever a new test is added.

Privacy

Registered User Login

UserID:

Passwd:

Forgot userid or passwd?

Email/Userid:

Test ID:	1.3.6.1.4.1.25623.1.0.801488
Category:	Windows : Microsoft Bulletins
Title:	Microsoft Internet Explorer Data Stream Handling Remote Code Execution Vulnerability (947864)
Summary:	Check for the vulnerable mshtml.dll file version
Description:	Overview: This host is missing a critical security update according to Microsoft Bulletin MS08-024. Vulnerability Insight: The flaw is due to a memory corruption error in Internet Explorer when processing specially crafted data streams. Impact: Successful exploitation will allow attacker to execute arbitrary code with the privileges of the application. Failed attacks may cause denial-of-service conditions. Impact Level: System/Application Affected Software/OS: Microsoft Internet Explorer version 5.x/6.x/7.x Fix: Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://www.microsoft.com/technet/security/bulletin/ms08-024.mspx References: http://secunia.com/advisories/27707 http://www.vupen.com/english/advisories/2008/1148/references http://www.microsoft.com/technet/security/bulletin/ms08-024.mspx
Cross-Ref:	BugTraq ID: 28552 Common Vulnerability Exposure (CVE) ID: CVE-2008-1085 Bugtraq: 20080414 Secunia Research: Internet Explorer Data Stream HandlingVulnerability (Google Search) http://www.securityfocus.com/archive/1/archive/1/490840/100/0/threaded http://secunia.com/secunia_research/2007-100/advisory/ HPdes Security Advisory: HPSBST02329 http://marc.info/?l=bugtraq&m=120845064910729&w=2 HPdes Security Advisory: SSRT080048 Microsoft Security Bulletin: MS08-024 http://www.microsoft.com/technet/security/bulletin/ms08-024.mspx Cert/CC Advisory: TA08-099A http://www.us-cert.gov/cas/techalerts/TA08-099A.html http://www.securityfocus.com/bid/28552 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5563 http://www.vupen.com/english/advisories/2008/1148/references http://www.securitytracker.com/id?1019801 http://secunia.com/advisories/27707
Copyright	Copyright (C) 2011 Greenbone Networks GmbH