
SANS ISC: MS06-021: Internet Explorer patch SANS ISC InfoSec Forums

MS06-021: Internet Explorer patch
MS06-021 - KB 916281

Fixes memory corruption that can lead to remote code execution, disclosure of sensitive information and creation of additional accounts on the host operating system.

Microsoft rates this patch as critical. Considering the impact of remote code execution on the client system, for a browser we would rate such a thing as very critical.

Microsoft claims the attack vector has to be web-based; using it through Outlook should not be possible.

Please note that this patch affects the issues in KB 917425 by terminating the compatibility period.

This includes fixes for publicly known bugs: CSS cross-domain information disclosure (CVE-2005-4089) and address bar spoofing (CVE-2006-1626).

Swa Frantzen -- section 66


Jun 13th 2006
