Saturday, 12 December 2009 04:56
On Tuesday, December 8, Microsoft released MS09-072 - Cumulative Security Update for Internet Explorer (976325). This security update resolves four privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. An ActiveX control built with Microsoft Active Template Library (ATL) headers could also allow remote code execution. The security update addresses these vulnerabilities by correcting the control and by modifying the way that Internet Explorer handles objects in memory.

Microsoft ratings for MS09-072:
Maximum Severity Rating - Critical
Impact of Vulnerability - Remote Code Execution

MS09-072 addresses the following CVEs:

ATL COM Initialization Vulnerability - CVE-2009-2493
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2493
A remote code execution vulnerability exists in an ActiveX control built with vulnerable Microsoft Active Template Library (ATL) headers. This vulnerability only directly affects systems with components and controls installed that were built using Visual Studio ATL. Components and controls built using ATL could allow the instantiation of arbitrary objects that can bypass related security policy, such as kill bits within Internet Explorer. Therefore, this vulnerability could allow a remote, unauthenticated user to perform remote code execution on an affected system. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution.

Uninitialized Memory Corruption Vulnerability - CVE-2009-3671
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3671
A remote code execution vulnerability exists

Source: http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=984218&poid=