Windows : Microsoft Bulletins : Microsoft Internet Explorer Multiple Vulnerabilities (982381)

Price/Feature Summary | Order | New Vulnerabilities | Confidentiality | Vulnerability Search

Vulnerability Search		Search 61204 CVE descriptions and 32582 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.902191

Category: Windows : Microsoft Bulletins

Title: Microsoft Internet Explorer Multiple Vulnerabilities (982381)

Summary: Check for the vulnerable 'Iepeers.dll' file version

Description:
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS10-035.

Vulnerability Insight:
Multiple flaws are due to:
- An error in the way the browser handles content using specific strings when
sanitizing HTML via the 'toStaticHTML' API.
- An uninitialized memory error when processing certain HTML data, which could
be exploited by attackers to execute arbitrary code via a malicious web page.
- Caching data and incorrectly allowing the cached content to be rendered as
HTML, which could allow attackers to bypass domain restrictions.

Impact:
Successful exploitation will let remote attackers to bypass security
restrictions, gain knowledge of sensitive information or compromise a
vulnerable system.

Impact Level: System/Application

Affected Software/OS:
Microsoft Internet Explorer version 5.x/6.x/7.x/8.x

Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/Bulletin/MS10-035.mspx

References:
http://support.microsoft.com/kb/982381
http://www.vupen.com/english/advisories/2010/1392
http://www.microsoft.com/technet/security/Bulletin/MS10-035.mspx

Cross-Ref: BugTraq ID: 38056
BugTraq ID: 38547
BugTraq ID: 40410
BugTraq ID: 40414
BugTraq ID: 40416
BugTraq ID: 40417
Common Vulnerability Exposure (CVE) ID: CVE-2010-0255
Bugtraq: 20100203 CORE-2009-0625: Internet Explorer Dynamic OBJECT tag and URLMON sniffing vulnerabilities (Google Search)
http://www.securityfocus.com/archive/1/archive/1/509345/100/0/threaded
http://isc.sans.org/diary.html?n&storyid=8152
http://www.coresecurity.com/content/internet-explorer-dynamic-object-tag
Microsoft Security Bulletin: MS10-035
http://www.microsoft.com/technet/security/bulletin/ms10-035.mspx
Cert/CC Advisory: TA10-159B
http://www.us-cert.gov/cas/techalerts/TA10-159B.html
BugTraq ID: 38055
http://www.securityfocus.com/bid/38055
http://www.securityfocus.com/bid/38056
http://osvdb.org/62156
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:7145
Common Vulnerability Exposure (CVE) ID: CVE-2010-1257
Microsoft Security Bulletin: MS10-039
http://www.microsoft.com/technet/security/bulletin/ms10-039.mspx
BugTraq ID: 40409
http://www.securityfocus.com/bid/40409
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6677
XForce ISS Database: ie-tostatichtml-information-disclosure(58866)
http://xforce.iss.net/xforce/xfdb/58866
Common Vulnerability Exposure (CVE) ID: CVE-2010-1259
http://osvdb.org/65215
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:7324
Common Vulnerability Exposure (CVE) ID: CVE-2010-1260
http://osvdb.org/65213
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6686
Common Vulnerability Exposure (CVE) ID: CVE-2010-1261
http://osvdb.org/65214
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:7124
Common Vulnerability Exposure (CVE) ID: CVE-2010-1262
Bugtraq: 20100608 ZDI-10-102: Microsoft Internet Explorer Stylesheet Array Removal Remote Code Execution Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/archive/1/511727/100/0/threaded
http://www.zerodayinitiative.com/advisories/ZDI-10-102/
http://www.securityfocus.com/bid/40417
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:7406

Copyright Copyright (C) 2010 SecPod

This is only one of 32582 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

New User Registration
Email:

UserID:

Passwd:

Please email me your monthly newsletters, informing the latest services, improvements & surveys.

Please email me a vulnerability test announcement whenever a new test is added.

Privacy

Registered User Login

UserID:

Passwd:

Forgot userid or passwd?

Email/Userid:

Test ID:	1.3.6.1.4.1.25623.1.0.902191
Category:	Windows : Microsoft Bulletins
Title:	Microsoft Internet Explorer Multiple Vulnerabilities (982381)
Summary:	Check for the vulnerable 'Iepeers.dll' file version
Description:	Overview: This host is missing a critical security update according to Microsoft Bulletin MS10-035. Vulnerability Insight: Multiple flaws are due to: - An error in the way the browser handles content using specific strings when sanitizing HTML via the 'toStaticHTML' API. - An uninitialized memory error when processing certain HTML data, which could be exploited by attackers to execute arbitrary code via a malicious web page. - Caching data and incorrectly allowing the cached content to be rendered as HTML, which could allow attackers to bypass domain restrictions. Impact: Successful exploitation will let remote attackers to bypass security restrictions, gain knowledge of sensitive information or compromise a vulnerable system. Impact Level: System/Application Affected Software/OS: Microsoft Internet Explorer version 5.x/6.x/7.x/8.x Fix: Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://www.microsoft.com/technet/security/Bulletin/MS10-035.mspx References: http://support.microsoft.com/kb/982381 http://www.vupen.com/english/advisories/2010/1392 http://www.microsoft.com/technet/security/Bulletin/MS10-035.mspx
Cross-Ref:	BugTraq ID: 38056 BugTraq ID: 38547 BugTraq ID: 40410 BugTraq ID: 40414 BugTraq ID: 40416 BugTraq ID: 40417 Common Vulnerability Exposure (CVE) ID: CVE-2010-0255 Bugtraq: 20100203 CORE-2009-0625: Internet Explorer Dynamic OBJECT tag and URLMON sniffing vulnerabilities (Google Search) http://www.securityfocus.com/archive/1/archive/1/509345/100/0/threaded http://isc.sans.org/diary.html?n&storyid=8152 http://www.coresecurity.com/content/internet-explorer-dynamic-object-tag Microsoft Security Bulletin: MS10-035 http://www.microsoft.com/technet/security/bulletin/ms10-035.mspx Cert/CC Advisory: TA10-159B http://www.us-cert.gov/cas/techalerts/TA10-159B.html BugTraq ID: 38055 http://www.securityfocus.com/bid/38055 http://www.securityfocus.com/bid/38056 http://osvdb.org/62156 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:7145 Common Vulnerability Exposure (CVE) ID: CVE-2010-1257 Microsoft Security Bulletin: MS10-039 http://www.microsoft.com/technet/security/bulletin/ms10-039.mspx BugTraq ID: 40409 http://www.securityfocus.com/bid/40409 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6677 XForce ISS Database: ie-tostatichtml-information-disclosure(58866) http://xforce.iss.net/xforce/xfdb/58866 Common Vulnerability Exposure (CVE) ID: CVE-2010-1259 http://osvdb.org/65215 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:7324 Common Vulnerability Exposure (CVE) ID: CVE-2010-1260 http://osvdb.org/65213 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6686 Common Vulnerability Exposure (CVE) ID: CVE-2010-1261 http://osvdb.org/65214 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:7124 Common Vulnerability Exposure (CVE) ID: CVE-2010-1262 Bugtraq: 20100608 ZDI-10-102: Microsoft Internet Explorer Stylesheet Array Removal Remote Code Execution Vulnerability (Google Search) http://www.securityfocus.com/archive/1/archive/1/511727/100/0/threaded http://www.zerodayinitiative.com/advisories/ZDI-10-102/ http://www.securityfocus.com/bid/40417 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:7406
Copyright	Copyright (C) 2010 SecPod