=====================================================================
                            CERT-Renater

                 Information Note No. 2006/VULN531
_____________________________________________________________________

DATE                  : 15/11/2006

HARDWARE PLATFORM(S)  : /

OPERATING SYSTEM(S)   : Systems running Internet Explorer 5.01,
                        Internet Explorer 6.

======================================================================

MS06-067 - Cumulative Security Update for Internet Explorer (922760)

Affected Software:

- Internet Explorer 5.01 Service Pack 4 on Windows 2000 Service Pack 4
- Internet Explorer 6 Service Pack 1 on Windows 2000 Service Pack 4
- Internet Explorer 6 for Windows XP Service Pack 2
- Internet Explorer 6 for Windows XP Professional x64 Edition
- Internet Explorer 6 for Windows Server 2003 and Windows Server 2003
  Service Pack 1
- Internet Explorer 6 for Windows Server 2003 for Itanium-based Systems
  and Windows Server 2003 with SP1 for Itanium-based Systems
- Internet Explorer 6 for Windows Server 2003 x64 Edition

Full MS06-067 advisory:

- http://www.microsoft.com/technet/security/Bulletin/MS06-067.mspx

Vulnerability Details

DirectAnimation ActiveX Controls Memory Corruption Vulnerabilities:
CVE-2006-4446 and CVE-2006-4777

Remote code execution vulnerabilities exist in DirectAnimation ActiveX
controls that could be exploited if the ActiveX controls are passed
unexpected data. An attacker could exploit these vulnerabilities by
constructing a specially crafted Web page that could potentially allow
remote code execution if a user visited the specially crafted Web page.
An attacker who successfully exploited these vulnerabilities could take
complete control of an affected system.

HTML Rendering Memory Corruption Vulnerability: CVE-2006-4687

A remote code execution vulnerability exists in the way Internet
Explorer interprets HTML with certain layout combinations.
An attacker could exploit the vulnerability by constructing a specially
crafted Web page that could potentially allow remote code execution if
a user viewed the Web page. An attacker who successfully exploited this
vulnerability could take complete control of an affected system.

======================================================================

=========================================================
CERT-Renater reference servers
http://www.urec.fr/securite
http://www.cru.fr/securite
http://www.renater.fr
=========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44          +
+ 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
+ 75013 Paris           | email: certsvp@renater.fr     +
=========================================================