=====================================================================
                                   CERT-Renater

                        Note d'Information No. 2009/VULN156
_____________________________________________________________________

DATE                      : 15/04/2009

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running Microsoft Internet Explorer.

======================================================================
KB963027
http://www.microsoft.com/technet/security/Bulletin/MS09-014.mspx
______________________________________________________________________

Microsoft Security Bulletin MS09-014 - Critical

Cumulative Security Update for Internet Explorer (963027)

   Published: April 14, 2009

   Version: 1.0

General Information

Executive Summary

   This security update resolves four privately reported vulnerabilities and
   two publicly disclosed vulnerabilities in Internet Explorer. The
   vulnerabilities could allow remote code execution if a user views a
   specially crafted Web page using Internet Explorer or if a user connects
   to an attacker's server by way of the HTTP protocol. Users whose accounts
   are configured to have fewer user rights on the system could be less
   impacted than users who operate with administrative user rights.

   This security update is rated Critical for Internet Explorer 5.01 and
   Internet Explorer 6 Service Pack 1, running on supported editions of
   Microsoft Windows 2000; Internet Explorer 6 and Internet Explorer 7
   running on supported editions of Windows XP; and Internet Explorer 7
   running on supported editions of Windows Vista. For Internet Explorer 6
   and Internet Explorer 7 running on supported editions of Windows Server
   2003 and Windows Server 2008, this security update is rated Important.
   For more information, see the subsection, Affected and Non-Affected
   Software, in this section.

   The security update addresses these vulnerabilities by modifying the way
   that Internet Explorer searches the system for files to load, performs
   authentication reply validation, handles transition errors when navigating
   between Web pages, and handles memory objects. For more information about
   the vulnerabilities, see the Frequently Asked Questions (FAQ) subsection
   under the next section, Vulnerability Information.

Affected Software

   Internet Explorer 5.01 Service Pack 4 when installed on Microsoft Windows
     2000 Service Pack 4
   Internet Explorer 6 Service Pack 1 when installed on Microsoft Windows
     2000 Service Pack 4
   Internet Explorer 6 for Windows XP Service Pack 2 and Windows XP Service
     Pack 3
   Internet Explorer 6 for Windows XP Professional x64 Edition and Windows
     XP Professional x64 Edition Service Pack 2
   Internet Explorer 6 for Windows Server 2003 Service Pack 1 and Windows
     Server 2003 Service Pack 2
   Internet Explorer 6 for Windows Server 2003 x64 Edition and Windows Server
     2003 x64 Edition Service Pack 2
   Internet Explorer 6 for Windows Server 2003 with SP1 for Itanium-based
     Systems and Windows Server 2003 with SP2 for Itanium-based Systems
   Internet Explorer 7 for Windows XP Service Pack 2 and Windows XP Service
     Pack 3
   Internet Explorer 7 for Windows XP Professional x64 Edition and Windows XP
     Professional x64 Edition Service Pack 2
   Internet Explorer 7 for Windows Server 2003 Service Pack 1 and Windows
     Server 2003 Service Pack 2
   Internet Explorer 7 for Windows Server 2003 x64 Edition and Windows Server
     2003 x64 Edition Service Pack 2
   Internet Explorer 7 for Windows Server 2003 with SP1 for Itanium-based
     Systems and Windows Server 2003 with SP2 for Itanium-based Systems
   Internet Explorer 7 in Windows Vista and Windows Vista Service Pack 1
   Internet Explorer 7 in Windows Vista x64 Edition and Windows Vista x64
     Edition Service Pack 1
   Internet Explorer 7 in Windows Server 2008 for 32-bit Systems*
   Internet Explorer 7 in Windows Server 2008 for x64-based Systems*
   Internet Explorer 7 in Windows Server 2008 for Itanium-based Systems

   *Windows Server 2008 server core installation not affected.

Vulnerability Information

Blended Threat Remote Code Execution Vulnerability - CVE-2008-2540

A blended threat remote code execution vulnerability exists in the way that
Internet Explorer locates and opens files on the system. An attacker could
exploit the vulnerability by constructing a specially crafted Web page.
When a user views the Web page, the vulnerability could allow remote code
execution. An attacker who successfully exploited this vulnerability could
gain the same user rights as the logged-on user. If a user is logged on
with administrative user rights, an attacker who successfully exploited
this vulnerability could take complete control of an affected system. An
attacker could then install programs; view, change, or delete data; or
create new accounts with full user rights.

WinINet Credential Reflection Vulnerability - CVE-2009-0550

A remote code execution vulnerability exists in the way that WinINet
handles NTLM credentials when a user connects to an attacker's server by
way of the HTTP protocol. This vulnerability allows an attacker to replay
the user's credentials back to the attacker and to execute code in the
context of the logged-on user. If a user is logged on with administrative
user rights, an attacker who successfully exploited this vulnerability
could take complete control of an affected system. An attacker could then
install programs; view, change, or delete data; or create new accounts
with full user rights.

Page Transition Memory Corruption Vulnerability - CVE-2009-0551

A remote code execution vulnerability exists in the way Internet Explorer
handles transition when navigating between Web pages. As a result, system
 memory may be corrupted in such a way that an attacker could execute
arbitrary code if a user visited a specially crafted Web site. An attacker
who successfully exploited this vulnerability could gain the same user
rights as the logged-on user. If a user is logged on with administrative
user rights, an attacker who successfully exploited this vulnerability
could take complete control of an affected system. An attacker could then
install programs; view, change, or delete data; or create new accounts
with full user rights.

Uninitialized Memory Corruption Vulnerability - CVE-2009-0552

A remote code execution vulnerability exists in the way Internet Explorer
accesses an object that has not been correctly initialized or has been
deleted. An attacker could exploit the vulnerability by constructing a
specially crafted Web page. When a user views the Web page, the
vulnerability could allow remote code execution. An attacker who
successfully exploited this vulnerability could gain the same user rights
as the logged-on user. If a user is logged on with administrative user
rights, an attacker who successfully exploited this vulnerability could
take complete control of an affected system. An attacker could then
install programs; view, change, or delete data; or create new accounts
with full user rights.

Uninitialized Memory Corruption Vulnerability - CVE-2009-0553

A remote code execution vulnerability exists in the way Internet Explorer
accesses an object that has not been correctly initialized or has been
deleted. An attacker could exploit the vulnerability by constructing a
specially crafted Web page. When a user views the Web page, the
vulnerability could allow remote code execution. An attacker who
successfully exploited this vulnerability could gain the same user rights
as the logged-on user. If a user is logged on with administrative user
rights, an attacker who successfully exploited this vulnerability could
take complete control of an affected system. An attacker could then install
programs; view, change, or delete data; or create new accounts with full
user rights.

Uninitialized Memory Corruption Vulnerability - CVE-2009-0554

A remote code execution vulnerability exists in the way Internet Explorer
accesses an object that has not been initialized or has been deleted. An
attacker could exploit the vulnerability by constructing a specially
crafted Web page. When a user views the Web page, the vulnerability could
allow remote code execution. An attacker who successfully exploited this
vulnerability could gain the same user rights as the logged-on user.

======================================================================

          =========================================================
          Les serveurs de référence du CERT-Renater
          http://www.urec.fr/securite
          http://www.cru.fr/securite
          http://www.renater.fr
          =========================================================
          + CERT-RENATER          | tel : 01-53-94-20-44          +
          + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
          + 75013 Paris           | email: certsvp@renater.fr     +
          =========================================================