Warp2Search.net » News » November 2003 » Cumulative Security Update For Internet Explorer November 2003
Cumulative Security Update For Internet Explorer November 2003
Posted by: [PM] on: 11/11/2003 09:39 PM [ Print | 6 comment(s) ] · 3228 views
Microsoft has posted a new cumulative security update for it's web browser software Internet Explorer version 5.01 SP2 up to version 6 SP1. All Windows operating system versions need to be patched. Again this is a cumulative update that includes the functionality of all the previously-released updates for Internet Explorer 5.01, Internet Explorer 5.5, and Internet Explorer 6.0. Additionally, it eliminates the following five newly-discovered vulnerabilities:
Three vulnerabilities that involve the cross-domain security model of Internet Explorer, which keeps windows of different domains from sharing information. These vulnerabilities could result in the execution of script in the My Computer zone. To exploit one of these vulnerabilities, an attacker would have to host a malicious Web site that contains a Web page that is designed to exploit the particular vulnerability and then persuade a user to view the Web page. The attacker could also create an HTML e-mail message that designed to exploit one of these vulnerabilities and persuade the user to view the HTML e-mail message. After the user has visited the malicious Web site or viewed the malicious HTML e-mail message an attacker who exploited one of these vulnerabilities could access information from other Web sites, access files on a user's system, and run arbitrary code on a user's system. This code would run in the security context of the currently logged on user. A vulnerability that involves the way that zone information is passed to an XML object within Internet Explorer. This vulnerability could allow an attacker to read local files on a user's system. To exploit this vulnerability, an attacker would have to host a malicious Web site that contains a Web page that is designed to exploit the particular vulnerability and then persuade a user to view the Web page. The attacker could also create an HTML e-mail message that is designed to exploit this vulnerability and persuade the user to view the HTML e-mail message. After the user visits the malicious Web site or views the malicious HTML e-mail message, the user would then be prompted to download an HTML file. If the user accepts the download of this HTML file, an attacker could read local files that are in a known location on the user's system. A vulnerability that involves performing a drag-and-drop operation during dynamic HTML (DHTML) events in Internet Explorer. This vulnerability could allow a file to be saved in a target location on the user's system if the user clicks a link. No dialog box would request that the user approve this download. To exploit one of these vulnerabilities, an attacker would have to host a malicious Web site that contains a Web page that has a specially-crafted link. The attacker would then have to persuade a user to click that link. The attacker could also create an HTML e-mail message that has a specially-crafted link, and then persuade the user to view the HTML e-mail message and then click the malicious link. If the user clicked this link, code of the attacker's choice could be saved on the user's computer in a targeted location. More information & download
Three vulnerabilities that involve the cross-domain security model of Internet Explorer, which keeps windows of different domains from sharing information. These vulnerabilities could result in the execution of script in the My Computer zone. To exploit one of these vulnerabilities, an attacker would have to host a malicious Web site that contains a Web page that is designed to exploit the particular vulnerability and then persuade a user to view the Web page. The attacker could also create an HTML e-mail message that designed to exploit one of these vulnerabilities and persuade the user to view the HTML e-mail message. After the user has visited the malicious Web site or viewed the malicious HTML e-mail message an attacker who exploited one of these vulnerabilities could access information from other Web sites, access files on a user's system, and run arbitrary code on a user's system. This code would run in the security context of the currently logged on user. A vulnerability that involves the way that zone information is passed to an XML object within Internet Explorer. This vulnerability could allow an attacker to read local files on a user's system. To exploit this vulnerability, an attacker would have to host a malicious Web site that contains a Web page that is designed to exploit the particular vulnerability and then persuade a user to view the Web page. The attacker could also create an HTML e-mail message that is designed to exploit this vulnerability and persuade the user to view the HTML e-mail message. After the user visits the malicious Web site or views the malicious HTML e-mail message, the user would then be prompted to download an HTML file. If the user accepts the download of this HTML file, an attacker could read local files that are in a known location on the user's system. A vulnerability that involves performing a drag-and-drop operation during dynamic HTML (DHTML) events in Internet Explorer. This vulnerability could allow a file to be saved in a target location on the user's system if the user clicks a link. No dialog box would request that the user approve this download. To exploit one of these vulnerabilities, an attacker would have to host a malicious Web site that contains a Web page that has a specially-crafted link. The attacker would then have to persuade a user to click that link. The attacker could also create an HTML e-mail message that has a specially-crafted link, and then persuade the user to view the HTML e-mail message and then click the malicious link. If the user clicked this link, code of the attacker's choice could be saved on the user's computer in a targeted location. More information & download
« Star Wars Jedi Knight: Jedi Academy Update 1.01 · Cumulative Security Update For Internet Explorer November 2003
· 3DMark 340 patch performance and IQ comparison »
Comment
|
Lithorus Unregistered |
#49422 Posted on: 11/11/2003 10:11 PM
Why is it that everytime I load up IE it's only to patch it? |
Comment
|
Nest Junior Member Posts: 5 Joined: 2003-04-16 |
#49429 Posted on: 11/12/2003 12:27 AM
you must not get online for months! |
Comment
|
FailedCRC Unregistered |
#49436 Posted on: 11/12/2003 09:26 AM
No, what he means is - he doesn't use IE because it sucks |
Comment
|
neo-n Junior Member Posts: 1 Joined: 2003-10-28 |
#49441 Posted on: 11/12/2003 12:29 PM
It does suck, but thankfully not as much as mozila or opera. |
Comment
|
hamslammer Unregistered |
#49445 Posted on: 11/12/2003 02:43 PM
If you think this then you haven't tried Mozilla Firebird. It blows IE out of the water. I gave up IE a long time ago. |
Comment
|
BetrayerX Unregistered |
#49463 Posted on: 11/12/2003 10:19 PM
I concur. |
