Next Page >>
Microsoft Internet Explorer
Core Security Technologies - CoreLabs Advisory
http://www.coresecurity.com/corelabs/
Internet Explorer Dynamic OBJECT tag and URLMON sniffing vulnerabilities
1. *Advisory Information*
Title: Internet Explorer Dynamic OBJECT tag and URLMON sniffing
Hash: SHA1
~ Core Security Technologies - CoreLabs Advisory
~ http://www.coresecurity.com/corelabs/
Internet Explorer Zone Elevation Restrictions Bypass and Security Zone
Restrictions Bypass
*Advisory Information*
Hash: SHA1
Core Security Technologies - CoreLabs Advisory
http://www.coresecurity.com/corelabs/
Internet Explorer Security Zone restrictions bypass
1. *Advisory Information*
Title: Internet Explorer Security Zone restrictions bypass
A vulnerability was discovered in these three popular versions of AOL
Instant Messaging software, AIM 6.1 (and 6.2 beta), AIM Pro and AIM Lite,
which expose workstations running the IM clients and their users to
several immediate high-risk attack vectors. To support rendering of HTML
content, the vulnerable IM clients use an embedded Internet Explorer
server control. Unfortunately they do not properly sanitize the
potentially malicious input content to be rendered and, as a result, an
attacker might provide malicious HTML content as part of an IM message to
directly exploit Internet Explorer bugs or to target IE‟s security
configuration weaknesses.
A vulnerability was discovered in these three popular versions of AOL
Instant Messaging software, AIM 6.1 (and 6.2 beta), AIM Pro and AIM Lite,
which expose workstations running the IM clients and their users to
several immediate high-risk attack vectors. To support rendering of HTML
content, the vulnerable IM clients use an embedded Internet Explorer
server control. Unfortunately they do not properly sanitize the
potentially malicious input content to be rendered and, as a result, an
attacker might provide malicious HTML content as part of an IM message to
directly exploit Internet Explorer bugs or to target IE‟s security
configuration weaknesses.
http://labs.idefense.com/intelligence/vulnerabilities/
Dec 09, 2008
I. BACKGROUND
Internet Explorer is a graphical web browser developed by Microsoft
Corp. that has been included with Microsoft Windows since 1995. For
more information about Internet Explorer, please the visit following
website: http://www.microsoft.com/ie/
II. DESCRIPTION
VUPEN Security Research - Microsoft Internet Explorer
"OnPropertyChange_Src()" Use-after-free Vulnerability (CVE-2010-2556)
http://www.vupen.com/english/research.php
I. BACKGROUND
---------------------
"Microsoft Internet Explorer is a web browser developed by Microsoft and
VUPEN Security Research - Microsoft Internet Explorer "X-UA-COMPATIBLE"
Use-after-free Vulnerability
Website : http://www.vupen.com/english/research.php
Twitter : http://twitter.com/vupen
I. BACKGROUND
---------------------
http://labs.idefense.com/intelligence/vulnerabilities/
Feb 12, 2008
I. BACKGROUND
Internet Explorer is a graphical web browser developed by Microsoft
Corp. that has been included with Microsoft Windows since 1995. For
more information about Internet Explorer, visit following URL.
http://www.microsoft.com/ie/
http://labs.idefense.com/intelligence/vulnerabilities/
Dec 11, 2007
I. BACKGROUND
Internet Explorer is a graphical web browser developed by Microsoft
Corp. and included as part of Microsoft Windows since 1995. The
setExpression method is commonly used to assign a JavaScript expression
to a CSS or DHTML object within a web page. For more information, visit
the following URLs.
------------------------------------------------------------------------
Tested version
------------------------------------------------------------------------
This issue was tested on Akamai Download Manager version 2.2.4.8 using
Windows XP SP3 running Internet Explorer 6, 7 & 8 and Windows Vista
running Internet Explorer 8.
------------------------------------------------------------------------
Fix
------------------------------------------------------------------------
VUPEN Security Research - Microsoft Internet Explorer "CIframeElement"
Object Use-after-free Vulnerability (CVE-2010-2558)
http://www.vupen.com/english/research.php
I. BACKGROUND
---------------------
"Microsoft Internet Explorer is a web browser developed by Microsoft and
VUPEN Security Research - Microsoft Internet Explorer "mshtml.dll" Dangling
Pointer Vulnerability (CVE-2011-0036)
http://www.vupen.com/english/research.php
I. BACKGROUND
---------------------
"Microsoft Internet Explorer is a web browser developed by Microsoft and
#######################################################################
Vulnerability 1: Internet Explorer Select Element Remote Code Execution
#######################################################################
Original advisory:
http://ifsec.blogspot.com/2011/10/internet-explorer-select-element-remote.html
I. OVERVIEW
There is a vulnerability in Internet Explorer which enables execution
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
ZDI-11-289 : Microsoft Internet Explorer swapNode Handling Remote Code
Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-289
October 15, 2011
- -- CVE ID:
CVE-2011-2000
NSFOCUS Security Advisory(SA2011-01)
Microsoft Internet Explorer Link Property Processing Memory Corruption Vulnerability
Release Date: 2011-06-15
CVE ID: CVE-2011-1250
http://www.nsfocus.com/en/advisories/1101.html
BLUE MOON SECURITY ADVISORY 2009-04
===================================
:Title: Remote Denial of Service in Internet Explorer
:Severity: Moderate
:Reporter: Blue Moon Consulting
:Products: Internet Explorer 7 and 8
:Fixed in: --
ZDI-11-196: Microsoft Internet Explorer HTTP 302 Redirect Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-196
June 14, 2011
-- CVE ID:
CVE-2011-1262
-- CVSS:
VUPEN Security Research - Microsoft Internet Explorer Animation
Use-after-free Vulnerability (VUPEN-SR-2010-199)
http://www.vupen.com/english/research.php
I. BACKGROUND
---------------------
""Microsoft Internet Explorer is a web browser developed by Microsoft and
VUPEN Security Research - Microsoft Internet Explorer Table Element
Use-after-free Vulnerability (CVE-2010-2560)
http://www.vupen.com/english/research.php
I. BACKGROUND
---------------------
"Microsoft Internet Explorer is a web browser developed by Microsoft and
VUPEN Security Research - Microsoft Internet Explorer Property Change Memory
Corruption (CVE-2011-1345)
http://www.vupen.com/english/research.php
I. BACKGROUND
---------------------
"Microsoft Internet Explorer is a web browser developed by Microsoft and
/*
This code is for a DLL that loads into Internet Explorer as a BHO and
modifies MSHTML.DLL in memory to render attempts to exploit this new
IE vulnerability inert. It does that by forcing a "controlled crash"
at a high address, instead of letting EIP reach an MSHTML-dependent
address that could fall within the heap-sprayable zone. It's not a
patch, or a "fix" in any pure sense -- it's just a mitigation.
The vulnerability details I've figured out are that
3. *Vulnerability Description*
Microsoft Windows is prone to a memory corruption vulnerability when
instantiating the 'HtmlDlgHelper Class Object' in a Microsoft Office
Document (ie: .XLS, .DOC). The affected vulnerable module is part of
Internet Explorer ('mshtmled.dll'). This vulnerability could be used by
a remote attacker to execute arbitrary code with the privileges of the
user that opened the malicious file.
4. *Vulnerable packages*
ZDI-09-071: Microsoft Internet Explorer writing-mode Memory Corruption Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-09-071
October 13, 2009
-- CVE ID:
CVE-2009-2531
-- Affected Vendors:
Microsoft
ZDI-11-194: Microsoft Internet Explorer layout-grid-char style Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-194
June 14, 2011
-- CVE ID:
CVE-2011-1260
-- CVSS:
Neat PoC. However, this requires the users to have configured IE to run
Active-X content. On my test machines, I was prompted by the Browser
before the code ran. Surprisingly, CSA never stopped it.
I tested this on:
Internet Explorer 7 on Windows XP 32-bit w/ Cisco Security Agent
v5.0.0.176
Internet Explorer 7 on Vista 32-bit (no CSA)
Thanks,
--------------------------------------------------
From: "MustLive" <mustlive@websecurity.com.ua>
Sent: Monday, May 31, 2010 9:33 PM
To: "Susan Bradley" <sbradcpa@pacbell.net>
Cc: <bugtraq@securityfocus.com>
Subject: Re: DoS vulnerabilities in Firefox, Internet Explorer, Chrome and
Opera
> Hello Susan and other readers, who replied to my previous advisory.
>
> Earlier I've already answered Vladimir, now I'd answer Susan and soon I'd
ZDI-09-037: Microsoft Internet Explorer Concurrent Ajax Request Memory
Corruption Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-09-037
June 10, 2009
-- CVE ID:
CVE-2009-1528
-- Affected Vendors:
Microsoft
VUPEN Security Research - Microsoft Internet Explorer Layouts Use-after-free
Vulnerability (CVE-2011-0094)
http://www.vupen.com/english/research.php
I. BACKGROUND
---------------------
"Microsoft Internet Explorer is a web browser developed by Microsoft and
ZDI-09-070: Microsoft Internet Explorer Event Object Type Double-Free Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-09-070
October 13, 2009
-- CVE ID:
CVE-2009-2530
-- Affected Vendors:
Microsoft
Next Page>>
|
