SECURITYVULNS:DOC:12175
Apr 12, 2006

ISS Protection Brief: ie_patch_ms_06-13

-----BEGIN PGP SIGNED MESSAGE-----

Internet Security Systems Security Brief
April 11, 2006

Cumulative Security Update for Internet Explorer

Summary:
Microsoft has issued a cumulative security update for Internet Explorer.
This update addresses a number of critical issues that could expose IE
users to remote code execution.

Business Impact:
Compromise of the operating system can lead to exposure of
confidential information, loss of productivity, and further network
compromise. Successful exploitation of this vulnerability could
be used to gain unauthorized access to one's networks and machines.

Description:

Internet Explorer createTextRange() Remote Code Execution Vulnerability:

This vulnerability allows attackers to invoke the createTextRange() method
on an object that was not intended to handle this operation. Internet
Explorer then attempts to make a call to a predictable location in
memory. This memory location can be preloaded with code the attacker would
like to have executed.

More detail on this vulnerability can be found in the following X-Force Alert:

http://xforce.iss.net/xforce/alerts/id/217

Internet Explorer HTA Download and Execute Vulnerability:

This vulnerability allows attackers to force a victim to download and execute
arbitrary HTA files without the user's knowledge. Scripts can be embedded
within HTA files and should not be trusted. As such, Internet Explorer normally
prompts users before downloading HTA files. Running a malicious HTA file could
lead to the compromise of sensitive information, download and execution
of additional malicious files, etc.

For the complete ISS X-Force Security Alert, please visit:
http://xforce.iss.net/xforce/alerts/id/220


About Internet Security Systems, Inc.
Internet Security Systems, Inc. (ISS) is the trusted security advisor to
thousands of the world's leading businesses and governments, providing
preemptive protection for networks, desktops and servers. An established
leader in security since 1994, ISS' integrated security platform
automatically protects against both known and unknown threats, keeping
networks up and running and shielding customers from online attacks before
they impact business assets. ISS products and services are based
on the proactive security intelligence of its X-Force® research and
development team, the unequivocal world authority in vulnerability and
threat research. ISS' product line is also complemented by
comprehensive Managed Security Services. For more information, visit
the Internet Security Systems Web site at www.iss.net or call 800-776-2362.

Copyright (c) 2006 Internet Security Systems, Inc. All rights reserved
worldwide.

This document is not to be edited or altered in any way without the
express written consent of Internet Security Systems, Inc. If you wish
to reprint the whole or any part of this document, please email
[email protected] for permission. You may provide links to this document
from your web site, and you may make copies of this document in
accordance with the fair use doctrine of the U.S. copyright laws.

Disclaimer: The information within this paper may change without notice.
Use of this information constitutes acceptance for use in an AS IS
condition. There are NO warranties, implied or otherwise, with regard to
this information or its use. Any use of this information is at the
user's risk. In no event shall the author/distributor (Internet Security
Systems X-Force) be held liable for any damages whatsoever arising out
of or in connection with the use or spread of this information.

X-Force PGP Key available on MIT's PGP key server and PGP.com's key
server, as well as at http://www.iss.net/security_center/sensitive.php
Please send suggestions, updates, and comments to: X-Force
[email protected] of Internet Security Systems, Inc.
