CERT-In Vulnerability Note CIVN-2006-44
Multiple Vulnerabilities in Internet Explorer

Original Issue Date: June 14, 2006

Severity Rating: High

Systems Affected

•  Microsoft Internet Explorer 5.01 on Microsoft Windows 2000 Service Pack 4
•  Microsoft Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4
•  Microsoft Internet Explorer 6 Service Pack 1 on Microsoft Windows XP Service Pack 1
•  Microsoft Internet Explorer 6 for Microsoft Windows XP Service Pack 2
•  Microsoft Internet Explorer 6 for Microsoft Windows Server 2003
•  Microsoft Internet Explorer 6 for Microsoft Windows Server 2003 Service Pack 1
•  Microsoft Internet Explorer 6 for Microsoft Windows Server 2003 (Itanium)
•  Microsoft Internet Explorer 6 for Microsoft Windows Server 2003 with SP1 (Itanium)
•  Microsoft Internet Explorer 6 for Microsoft Windows Server 2003 x64 Edition
•  Microsoft Internet Explorer 6 for Microsoft Windows XP Professional x64 Edition
•  Microsoft Internet Explorer 6 Service Pack 1 on Microsoft Windows 98
•  Microsoft Internet Explorer 6 Service Pack 1 on Microsoft Windows 98 SE
•  Microsoft Internet Explorer 6 Service Pack 1 on Microsoft Windows Millennium Edition

Overview

Multiple vulnerabilities has been reported in Internet Explorer which could exploited by malicious users to disclose sensitive information, or display spoofed content by spoofing or phishing attack and compromise the affected system.

Description

Exception Handling Memory Corruption Vulnerability - CVE-2006-2218

A vulnerability has been reported in Microsoft Internet Explorer when it handles exceptional conditions that can corrupt system memory which could allow a remote attacker to execute arbitrary commands on the affected system.

HTML Decoding Memory Corruption Vulnerability - CVE-2006-2382

A remote code execution vulnerability exists in Microsoft Internet Explorer because of failure to properly decode UTF-8 encoded HTML. This could allow an attacker to get complete control of the system with full user rights by constructing a specially crafted web page.

ActiveX Control Memory Corruption Vulnerability - CVE-2006-2383

A remote code execution vulnerability exists in Microsoft Internet Explorer DXImageTransform.Microsoft.Light ActiveX control in the way it fails to validate input if unexpected data is passed. This vulnerability could allow an attacker to execute arbitrary code and take complete control of an affected system.

COM Object Instantiation Memory Corruption Vulnerability - CVE-2006-1303

This vulnerability is caused when Internet Explorer instantiates certain COM objects (e.g. Wmm2fxa.dll) as ActiveX controls those are not intended to be instantiated in IE when a user open specially crafted web page. This vulnerability could allow an attacker to execute arbitrary code and take complete control of an affected system.

CSS Cross-Domain Information Disclosure Vulnerability - CVE-2005-4089

An information disclosure vulnerability exists in Microsoft Internet Explorer in the way it interprets a specially crafted document as a cascading style sheet (CSS). This vulnerability could be exploited by attacker to read file data from other Internet Explorer domain by constructing a specially crafted Web page and enticing a user to visit the same.

Address Bar Spoofing Vulnerability - CVE-2006-2384

An address Bar Spoofing vulnerability exists in Microsoft Internet Explorer that could allow an attacker to display spoofed content in a browser window. The address bar and other parts of the trust UI can be displayed from trusted Web sites but the content of the window contains the attacker's Web page.

MHT Memory Corruption Vulnerability - CVE-2006-2385

A remote code execution vulnerability exists in Microsoft Internet Explorer due to error while saving a specially crafted web page as a multipart HTML (.mht) file. This vulnerability could allow a remote attacker to execute arbitrary code and can take complete control on affected system however significant user interaction is required for exploitation.

Address Bar Spoofing Vulnerability - CVE-2006-1626

An address Bar Spoofing vulnerability exists in Microsoft Internet Explorer that could allow an attacker to display spoofed content in a browser window. The address bar and other parts of the trust UI can be displayed from trusted Web sites but the content of the window contains the attacker's Web page. For details refer to CIVN-2006-29

Workarounds

• Disable active scripting or configure Internet Explorer to prompt before running Active Scripting. 
• Add trusted sites to Internet Explorer's Trusted sites zone.
• Read e-mail messages in plain text while using Outlook 2002 or a later version, or Outlook Express 6 SP1 or a later version
• Do not use the “Save As…” command in Internet Explorer to save untrusted Web pages as “Web Archive, single file (*.mht).
• Exercise caution while visiting untrusted websites

Solution:

Apply appropriate patches as mentioned in Microsoft Security Bulletin MS06-021

Vendor information

Microsoft
http://www.microsoft.com/technet/security/bulletin/MS06-021.mspx

References

US-CERT
http://www.kb.cert.org/vuls/id/338828
http://www.kb.cert.org/vuls/id/136849
http://www.kb.cert.org/vuls/id/417585

FrSIRT- ADV-2006-2319
http://www.frsirt.com/english/advisories/2006/2319

Secunia
http://secunia.com/advisories/19762
http://secunia.com/advisories/17564
http://secunia.com/advisories/20278
http://secunia.com/advisories/20276

Security Focus
http://www.securityfocus.com/bid/17820
http://www.securityfocus.com/bid/18309
http://www.securityfocus.com/bid/18303
http://www.securityfocus.com/bid/18328
http://www.securityfocus.com/bid/15660
http://www.securityfocus.com/bid/18321
http://www.securityfocus.com/bid/18320

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information

Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003