===================================================================== CERT-Renater Note d'Information No. 2006/VULN557 _____________________________________________________________________ DATE : 13/12/2006 HARDWARE PLATFORM(S) : / OPERATING SYSTEM(S) : Systems running Internet Explorer. ====================================================================== MS06-072 - Cumulative Security Update for Internet Explorer (925454) Affected Software: - Internet Explorer 5.01 Service Pack 4 on Windows 2000 Service Pack 4 - Internet Explorer 6 Service Pack 1 on Windows 2000 Service Pack 4 - Internet Explorer 6 for Windows XP Service Pack 2 - Internet Explorer 6 for Windows XP Professional x64 Edition - Internet Explorer 6 for Windows Server 2003 and Windows Server 2003 Service Pack 1 - Internet Explorer 6 for Windows Server 2003 for Itanium-based Systems and Windows Server 2003 with SP1 for Itanium-based Systems - Internet Explorer 6 for Windows Server 2003 x64 Edition Full MS06-072 Advisory: - http://www.microsoft.com/technet/security/Bulletin/MS06-072.mspx Vulnerability Details Script Error Handling Memory Corruption Vulnerability CVE-2006-5579 A remote code execution vulnerability exists in Internet Explorer due to attempts to access previously freed memory when handling script errors in certain situations. An attacker could exploit the vulnerability by constructing a specially crafted Web page. If a user viewed the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could take complete control of an affected system. DHTML Script Function Memory Corruption Vulnerability CVE-2006-5581 A remote code execution vulnerability exists in the way Internet Explorer interprets certain DHTML script function calls to incorrectly created elements. An attacker could exploit the vulnerability by constructing a specially crafted Web page that could potentially allow remote code execution if a user viewed the Web page. An attacker who successfully exploited this vulnerability could take complete control of an affected system. TIF Folder Information Disclosure Vulnerability CVE-2006-5578 An information disclosure vulnerability exists in Internet Explorer in the way that drag and drop operations are handled in certain situations. An attacker could exploit the vulnerability by constructing a specially crafted Web page that could allow for information disclosure if a user viewed and interacted with the Web page. An attacker who successfully exploited this vulnerability would be able to retrieve files from the Temporary Internet Files (TIF) folder on a users system. TIF Folder Information Disclosure Vulnerability CVE-2006-5577 An information disclosure vulnerability exists in Internet Explorer in certain scenarios where the path to the cached content in the TIF folder could be disclosed. An attacker could exploit the vulnerability by constructing a specially crafted Web page that could allow for information disclosure if a user viewed the Web page. An attacker who successfully exploited this vulnerability would be able to retrieve files from the Temporary Internet Files (TIF) folder on a users system. However, user interaction is required to exploit this vulnerability. ====================================================================== ========================================================= Les serveurs de référence du CERT-Renater http://www.urec.fr/securite http://www.cru.fr/securite http://www.renater.fr ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 151 bd de l'Hopital | fax : 01-53-94-20-41 + + 75013 Paris | email: certsvp@renater.fr + =========================================================