Related information

Microsoft Internet Explorer Multiple security vulnerabilities

FortiGuard Advisory: Microsoft Internet Explorer Remote Memory Corruption Vulnerability

ZDI-10-013: Microsoft Internet Explorer Table Layout Reuse Remote Code Execution Vulnerability

ZDI-10-014: Microsoft Internet Explorer item Object Memory Corruption Remote Code Execution Vulnerability

ZDI-10-011: Microsoft Internet Explorer Table Layout Col Tag Cache Update Remote Code Execution Vulnerability

From:	CERT <cert_(at)_cert.gov>
Date:	22.01.2010
Subject:	US-CERT Technical Cyber Security Alert TA10-021A -- Microsoft Internet Explorer Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


                   National Cyber Alert System

             Technical Cyber Security Alert TA10-021A


Microsoft Internet Explorer Vulnerabilities

  Original release date:
  Last revised: --
  Source: US-CERT


Systems Affected

    * Microsoft Internet Explorer


Overview

  Microsoft has released out-of-band updates to address critical
  vulnerabilities in Internet Explorer.


I. Description

  Microsoft has released updates for multiple vulnerabilities in
  Internet Explorer, including the vulnerability detailed in
  Microsoft Security Advisory 979352 and US-CERT Vulnerability Note
  VU#49251.


II. Impact

  By convincing a user to view a specially crafted HTML document or
  Microsoft Office document, an attacker may be able to execute
  arbitrary code with the privileges of the user.


III. Solution

  Apply updates
  
  Microsoft has released updates to address these vulnerabilities.
  Please see Microsoft Security Bulletin MS10-002 for more
  information.
  
  Apply workarounds
  
  Microsoft has provided workarounds for some of the vulnerabilities
  in MS10-002.


IV. References

* Microsoft Security Bulletin MS10-002 -
  <http://www.microsoft.com/technet/security/bulletin/ms10-002.mspx>

* Microsoft Security Advisory 979352 -
  <http://www.microsoft.com/technet/security/advisory/979352.mspx>

* US-CERT Vulnerability Note VU#49251 -
  <http://www.kb.cert.org/vuls/id/492515>

____________________________________________________________________

  The most recent version of this document can be found at:

    <http://www.us-cert.gov/cas/techalerts/TA10-021A.html>
____________________________________________________________________

  Feedback can be directed to US-CERT Technical Staff. Please send
  email to <cert@cert.org> with "TA10-021A Feedback VU#49251" in
  the subject.
____________________________________________________________________

  For instructions on subscribing to or unsubscribing from this
  mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
____________________________________________________________________

  Produced 2010 by US-CERT, a government organization.

  Terms of use:

    <http://www.us-cert.gov/legal.html>
____________________________________________________________________

Revision History
 
 January 21, 2010: Initial release


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBS1i9/C/E9ke+6HGsAQJdMQgA0HJlKy01j6rUpcpU9VHnGgPv56akxzac
YQIWL0n3ggsc6EKcDM6Nnes6+VXFuZyNuzw16S2sTSh13PLjRiAdEtM3a5k/TDrX
LdUEzipjYnXm0jn7EwGpoxNOHFI1fIaQhnQuWhM9S3Ri4lClROl0NZSAJnjIy7sU
UiTuIkN2x/nTmYwgVXX4bczRFStgcqkcv16BHIChXqHO/zOGK0ACO/b8oG0zIHPg
rEsvPy86M7v5LCNGGf6+H3bkcwjoWEOcPuXhpQkJT7BDWsz8F+kUCvCdMbbmTFzZ
d0cdSCKyS7Wo9iBGBmD8R84GIALwnTyRdr9QtiFlA4UWOScV/7JFQQ==
=L4w6
-----END PGP SIGNATURE-----