TITLE:
Microsoft Internet Explorer Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA15368
VERIFY ADVISORY:
http://secunia.com/advisories/15368/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, Exposure of sensitive information, System access
WHERE:
From remote
SOFTWARE:
Microsoft Internet Explorer 6.x
http://secunia.com/product/11/
Microsoft Internet Explorer 5.5
http://secunia.com/product/10/
Microsoft Internet Explorer 5.01
http://secunia.com/product/9/
DESCRIPTION:
Five vulnerabilities have been reported in Microsoft Internet
Explorer, which can be exploited by malicious people to view
potentially sensitive information, to trick users into downloading
and executing arbitrary programs, and to compromise a user's system.
1) A design error in the processing of keyboard shortcuts for certain
security dialogs can be exploited, e.g. to delay the "File Download"
dialog box and trick users into executing a malicious ".bat" file
after pressing the "r" key.
2) A design error in the processing of mouse clicks in new browser
windows and the predictability of the position of the "File Download"
dialog box can be exploited to trick the user into clicking on the
"Run" button of the dialog box. This is exploited by first causing a
"File Download" dialog box to be displayed underneath a new browser
window, and then tricking the user into double-clicking within a
specific area in the new window. This will result in an unintended
click of the "Run" button in the hidden "File Download" dialog box.
3) An error exists in Internet Explorer when used with an HTTPS proxy
server that requires clients to use Basic Authentication. This may
cause web addresses that are sent from Internet Explorer to be
disclosed to a third party even when an HTTPS connection is used.
4) An error exists when certain COM objects that are not intended to
be used with Internet Explorer are instantiated in Internet Explorer.
This can be exploited to execute arbitrary code via a malicious
webpage that instantiates a vulnerable COM object.
This is related to:
SA16480
5) An error exists in the initialisation of certain objects when the
"window()" function is used in conjunction with the "<body onload>"
event. This can be exploited to execute arbitrary code via a
malicious webpage.
For more information:
SA15546
The vulnerabilities #1, #2, and #5 have been confirmed on a fully
patched system with Internet Explorer 6.0 and Microsoft Windows XP
SP2. Other versions may also be affected.
SOLUTION:
Apply patches.
Internet Explorer 5.01 SP 4 on Microsoft Windows 2000 (requires SP
4):
http://www.microsoft.com/downloads/details.aspx?FamilyId=4005B74A-D6E6-4A32-A3B1-276686B4A428
Internet Explorer 6 SP 1 on Microsoft Windows 2000 (requires SP 4) or
on Microsoft Windows XP (requires SP 1):
http://www.microsoft.com/downloads/details.aspx?FamilyId=A8443CD2-D98D-427B-9F0E-BD7E19FCB994
Internet Explorer 6 for Microsoft Windows XP (requires SP 2):
http://www.microsoft.com/downloads/details.aspx?FamilyId=E4B5BA57-D4F2-4798-9154-2869E371C9D1
Internet Explorer 6 for Microsoft Windows Server 2003 (with or
without SP 1):
http://www.microsoft.com/downloads/details.aspx?FamilyId=9D70FB20-C7C9-43AF-A864-6DBC9A542CC6
Internet Explorer 6 for Microsoft Windows Server 2003 (Itanium) (with
or without SP 1):
http://www.microsoft.com/downloads/details.aspx?FamilyId=1EE790B9-E596-4344-AEC3-FCB3289D7E9C
Internet Explorer 6 for Microsoft Windows Server 2003 x64 Edition:
http://www.microsoft.com/downloads/details.aspx?FamilyId=8E9C23E5-7988-42DA-A8BD-2C1A534BF995
Internet Explorer 6 for Microsoft Windows XP Professional x64
Edition:
http://www.microsoft.com/downloads/details.aspx?FamilyId=E1652B4A-6339-4B31-8ACF-D2A844C24F70
For Microsoft Windows 98, Microsoft Windows 98 SE, and Microsoft
Windows Millennium Edition, see the vendor's original advisory.
PROVIDED AND/OR DISCOVERED BY:
1) Andreas Sandblad, Secunia Research
2) Jakob Balle, Secunia Research
4) Will Dormann, CERT/CC
ORIGINAL ADVISORY:
Secunia Research:
http://secunia.com/secunia_research/2005-7/advisory/
http://secunia.com/secunia_research/2005-21/advisory/
MS05-054 (KB905915):
http://www.microsoft.com/technet/security/Bulletin/MS05-054.mspx
TITLE:
Microsoft Windows Kernel APC Queue List Handling Privilege Escalation
SECUNIA ADVISORY ID:
SA15821
VERIFY ADVISORY:
http://secunia.com/advisories/15821/
CRITICAL:
Less critical
IMPACT:
Privilege escalation
WHERE:
Local system
OPERATING SYSTEM:
Microsoft Windows 2000 Advanced Server
http://secunia.com/product/21/
Microsoft Windows 2000 Datacenter Server
http://secunia.com/product/1177/
Microsoft Windows 2000 Professional
http://secunia.com/product/1/
Microsoft Windows 2000 Server
http://secunia.com/product/20/
DESCRIPTION:
A vulnerability has been reported in Microsoft Windows, which can be
exploited by malicious, local users to gain escalated privileges.
The vulnerability is caused by an error in the kernel when
processing items in the APC (Asynchronous Procedure Call) queue list.
This can be exploited by logged-on users to gain escalated privileges
by running a malicious program.
Successful exploitation requires a valid logon to the affected
system.
SOLUTION:
Apply patches.
Microsoft Windows 2000 (requires SP 4):
http://www.microsoft.com/downloads/details.aspx?FamilyId=3832FF23-6B04-4CA2-80B9-D344B4CC98EA
PROVIDED AND/OR DISCOVERED BY:
The vendor credits eEye Digital Security.
ORIGINAL ADVISORY:
MS05-055 (KB908523):
http://www.microsoft.com/technet/security/Bulletin/MS05-055.mspx
