Multiple Vulnerabilities in Microsoft Internet Explorer - 21 Aug 2003
Two new vulnerabilities exist in Microsoft Internet Explorer (IE), the most serious of which can result in the execution of arbitrary code on the vulnerable computer.
August 20, 2003
Reported August 20, 2003, by Microsoft.
VERSIONS AFFECTED
Microsoft Internet Explorer (IE) 6.0 for Windows Server 2003
Microsoft IE 6.0, 5.5, and 5.01
DESCRIPTION
Two new vulnerabilities exist in Microsoft Internet Explorer (IE), the most serious of which can result in the execution of arbitrary code on the vulnerable computer. These two new vulnerabilities are as follows:
A vulnerability in IE's cross-domain security model can result in the execution of script in the My Computer zone. The flaw exists because a file from the Internet or intranet containing a maliciously constructed URL can appear in the browser cache running in the My Computer zone.
A vulnerability occurs because IE doesn't properly determine an object type that a Web server returns. An attacker can exploit this vulnerability to run arbitrary code on a user's system.
VENDOR RESPONSE
Microsoft has released Security Bulletin MS03-032, "Cumulative Patch for Internet Explorer (822925)," to address these vulnerabilities and recommends that affected users apply the appropriate patch mentioned in the bulletin.
CREDIT
Discovered by Yu-Arai of LAC, eEye Digital Security, and Greg Jones from KPMG UK.