=====================================================================
                                    CERT-Renater

                         Note d'Information No. 2008/VULN122
_____________________________________________________________________

DATE                      : 09/04/2008

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running Internet Explorer.

======================================================================

MS08-024 Cumulative Security Update for Internet Explorer

This security update resolves one privately reported vulnerability. The
vulnerability could allow remote code execution if a user viewed a
specially crafted Web page using Internet Explorer. Users whose accounts
are configured to have fewer user rights on the system could be less
impacted than users who operate with administrative user rights.

The security update is rated Critical for all supported releases of
Internet Explorer.

The update removes the vulnerability by modifying the way that Internet
Explorer processes data streams.

Microsoft recommends that customers apply the update immediately.

Affected Software

    o Internet Explorer 7
    o Internet Explorer 6 Service Pack 1
    o Internet Explorer 6
    o Internet Explorer 5.01 Service Pack 4
    o Internet Explorer 5.01

Vulnerability Information

Data Stream Handling Memory Corruption Vulnerability - CVE-2008-1085

A remote code execution vulnerability exists in Internet Explorer because
of the way that it processes data streams. An attacker could exploit the
vulnerability by constructing a specially crafted Web page. When a user
views the Web page, the vulnerability could allow remote code execution.
An attacker who successfully exploited this vulnerability could gain the
same user rights as the logged on user.

======================================================================

           =========================================================
           Les serveurs de référence du CERT-Renater
           http://www.urec.fr/securite
           http://www.cru.fr/securite
           http://www.renater.fr
           =========================================================
           + CERT-RENATER          | tel : 01-53-94-20-44          +
           + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
           + 75013 Paris           | email: certsvp@renater.fr     +
           =========================================================