NUEVAS VULNERABILIDADES que afectan a Microsoft Internet Explorer.

Dos nuevas vulenrabildiades que afectan al navegador Internet Explorer han sido encontradas.

1. Microsoft Internet Explorer URLMON Sniffing Cross Domain Information Disclosure Vulnerability

Microsoft Internet Explorer is prone to a cross-domain information-disclosure vulnerability.

An attacker can exploit this issue to access local files or content from a browser window in another domain or security zone. This may allow the attacker to obtain sensitive information or may aid in further attacks.

REFERENCIA DE LA VULNERABILIDAD.


2. Microsoft Internet Explorer Dynamic Object Tag Information Disclosure Vulnerability

Microsoft Internet Explorer is prone to an information-disclosure vulnerability.

Attackers can exploit this issue to obtain sensitive information that may lead to further attacks.

REFERENCIA DE LA VULNERABILIDAD.

Published: Feb 03 2010  | Updated: Feb 03 2010

fuente: securityfocus.com

VULNERABILIDAD, Microsoft Internet Explorer ‘Style’ Object Remote Code Execution Vulnerability

Microsoft Internet Explorer is prone to a remote code-execution vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the computer. Failed attacks may cause denial-of-service conditions.

Internet Explorer 6 and 7 on Windows XP and Vista are vulnerable; other versions may also be affected.

REFERENCIA DE LA VULNERABILIDAD

EXPLOITS

Microsoft Security Advisory 977981

fuente: securityfocus.com




VULNERABILIDAD. Microsoft Internet Explorer File Download Denial of Service Vulnerability

Microsoft Internet Explorer is prone to a remote denial-of-service vulnerability.

Successful exploits can allow attackers to trigger an application hang the affected browser, resulting in denial-of-service conditions.

Published:       Apr 11 2009 12:00AM
Updated:            Apr 11 2009 12:00AM

EXPLOIT

REFERENCIA DE LA VULNERABILIDAD

fuente: securityfocus.com

ie-logo_2

VULNERABILIDAD. Microsoft Internet Explorer Uninitialized Memory Remote Code Execution Vulnerability

Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will cause denial-of-service conditions.

REFERENCIA DE LA VULNERABILIDAD

The issue is being exploited in the wild, in targeted attacks.

The following proof-of-concept code is available:

data/vulnerabilities/exploits/33627.js


fuente: securityfocus

internet-explorer1

VULNERABILIDAD. Microsoft Internet Explorer 6 RDS.DataControl Denial of Service Vulnerability

Microsoft Internet Explorer version 6 is reportedly prone to a denial-of-service vulnerability because the application fails to perform boundary checks before copying user-supplied data into sensitive process buffers.

This issue is triggered when an attacker convinces a victim user to activate a malicious ActiveX control object.

Remote attackers may exploit this issue to crash Internet Explorer 6, effectively denying service to legitimate users.

A stack-based heap overflow may be possible, and as a result, remote code execution in the context of the user running the affected application may occur. This has not been confirmed.

fuente: securityfocus

REFERENCIA DE LA VULNERABILIDAD

internet-explorer