
SANS ISC InfoSec Handlers Diary Blog



MS06-021: Internet Explorer patch

Published: 2006-06-13
Last Updated: 2006-06-13 20:18:58 UTC
by Swa Frantzen (Version: 1)
MS06-021 - KB 916281

Fixes memory corruption that can lead to remote code execution, disclosure of sensitive information and creation of additional accounts on the host operating system.

Microsoft rates this patch as critical, and considering that the impact is remote code execution on the client system, for a browser we would rate such a thing as very critical.

Microsoft claims the attack vector has to be web-based; using it through Outlook should not be possible.

Please note that this patch affects the issues in KB 917425 by terminating the compatibility period.

This includes fixes for publicly known bugs: CSS cross-domain information disclosure (CVE-2005-4089) and address bar spoofing (CVE-2006-1626).

--
Swa Frantzen -- section 66

