----------------------------------------------------------------------

Do you have VARM strategy implemented?

(Vulnerability Assessment Remediation Management)  

If not, then implement it through the most reliable vulnerability
intelligence source on the market. 

Implement it through Secunia. 

For more information visit:
http://secunia.com/advisories/business_solutions/

Alternatively request a call from a Secunia representative today to
discuss how we can help you with our capabilities contact us at:
sales@secunia.com

----------------------------------------------------------------------

TITLE:
Microsoft Internet Explorer Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA36979

VERIFY ADVISORY:
http://secunia.com/advisories/36979/

DESCRIPTION:
Some vulnerabilities have been reported in Microsoft Internet
Explorer, which can be exploited by malicious people to compromise a
user's system.

1) An unspecified error in the processing of data stream headers can
be exploited to trigger a memory corruption.

2) An error related to a certain HTML component is caused due to the
improper validation of arguments.

3) An unspecified error can be exploited to access an incorrectly
initialised or deleted object and trigger a memory corruption.

4) A second unspecified error can be exploited to access an
incorrectly initialised or deleted object and trigger a memory
corruption.

Successful exploitation of the vulnerabilities may allow execution of
arbitrary code.

SOLUTION:
Apply patches.

Microsoft Windows 2000 SP4 with Microsoft Internet Explorer 5.01
SP4:
http://www.microsoft.com/downloads/details.aspx?FamilyID=26515c7b-d7a6-4405-96b5-a518dcb39d38

Microsoft Windows 2000 SP4 with Microsoft Internet Explorer 6 SP1:
http://www.microsoft.com/downloads/details.aspx?FamilyID=8154ba37-0fbc-4d31-9d6e-0b21586ad65a

Windows XP SP2 and Windows XP SP3 with Microsoft Internet Explorer
6:
http://www.microsoft.com/downloads/details.aspx?FamilyID=9aacf890-afb4-46a7-a13f-dd9fe3c0ca4a

Windows XP Professional x64 Edition SP2 with Microsoft Internet
Explorer 6:
http://www.microsoft.com/downloads/details.aspx?FamilyID=89a2cf2a-a7a2-4d4b-aa6f-24dde288d500

Windows Server 2003 SP2 with Microsoft Internet Explorer 6:
http://www.microsoft.com/downloads/details.aspx?FamilyID=8101625d-ee93-46e5-aec2-3bdbf2d86472

Windows Server 2003 x64 Edition SP2 with Microsoft Internet Explorer
6:
http://www.microsoft.com/downloads/details.aspx?familyid=2f966053-01eb-4a23-a9d5-71deac2498ea

Windows Server 2003 with SP2 for Itanium-based Systems with Microsoft
Internet Explorer 6:
http://www.microsoft.com/downloads/details.aspx?familyid=79a1a94d-3b47-47e9-9476-2f591c3f6a59

Windows XP SP2 and Windows XP SP3 with Windows Internet Explorer 7:
http://www.microsoft.com/downloads/details.aspx?FamilyID=dc166dc6-577f-4d8d-94df-dd963233dd85

Windows XP Professional x64 Edition SP2 with Windows Internet
Explorer 7:
http://www.microsoft.com/downloads/details.aspx?familyid=bd54e595-25f2-4839-a838-2a0f809bde2b

Windows Server 2003 SP2 with Windows Internet Explorer 7:
http://www.microsoft.com/downloads/details.aspx?familyid=4647bcf1-69fb-4ad6-9e03-7bc22d8a914b

Windows Server 2003 x64 Edition SP2 with Windows Internet Explorer
7:
http://www.microsoft.com/downloads/details.aspx?familyid=e7d77bd9-8317-42f3-9ad1-a0b8bfa65b53

Windows Server 2003 with SP2 for Itanium-based Systems with Windows
Internet Explorer 7:
http://www.microsoft.com/downloads/details.aspx?FamilyID=07e66c09-2cd7-47ba-bf87-d3da602184b4

Windows Vista (optionally with SP1 or SP2) with Windows Internet
Explorer 7:
http://www.microsoft.com/downloads/details.aspx?familyid=f6995616-2a84-4c26-9599-26f1314873ed

Windows Vista x64 Edition (optionally with SP1 or SP2) with Windows
Internet Explorer 7:
http://www.microsoft.com/downloads/details.aspx?familyid=b3de5236-afdd-436e-8648-5382d564cc99

Windows Server 2008 for 32-bit Systems (optionally with SP2) with
Windows Internet Explorer 7:
http://www.microsoft.com/downloads/details.aspx?familyid=72dd580e-eb53-41da-a5c0-a392ad388bfc

Windows Server 2008 for x64-based Systems (optionally with SP2) with
Windows Internet Explorer 7:
http://www.microsoft.com/downloads/details.aspx?familyid=0111d741-bda4-4a50-a12b-d3337ff4441d

Windows Server 2008 for Itanium-based Systems (optionally with SP2)
with Windows Internet Explorer 7:
http://www.microsoft.com/downloads/details.aspx?familyid=e81f30b7-ef05-4488-b62a-d330e17129cf

Windows XP SP2 and Windows XP SP3 with Windows Internet Explorer 8:
http://www.microsoft.com/downloads/details.aspx?familyid=8799159d-df69-49f6-9db5-49147690ce0c

Windows XP Professional x64 Edition SP2 with Windows Internet
Explorer 8:
http://www.microsoft.com/downloads/details.aspx?familyid=77b18fc2-e769-47c6-8e72-916716a49e58

Windows Server 2003 SP2 with Windows Internet Explorer 8:
http://www.microsoft.com/downloads/details.aspx?familyid=9eae7eca-1a6f-4397-a6e2-7dda6b9d5276

Windows Server 2003 x64 Edition SP2 with Windows Internet Explorer
8:
http://www.microsoft.com/downloads/details.aspx?familyid=708a549d-11fd-43bf-a6e1-309e3205d59d

Windows Vista (optionally with SP1 or SP2) with Windows Internet
Explorer 8:
http://www.microsoft.com/downloads/details.aspx?familyid=e8f6014f-950b-4e11-a105-51d298069f1a

Windows Vista x64 Edition (optionally with SP1 or SP2) with Windows
Internet Explorer 8:
http://www.microsoft.com/downloads/details.aspx?familyid=85978f28-5fc0-481b-9b03-2021c785889b

Windows Server 2008 for 32-bit Systems (optionally with SP2) with
Windows Internet Explorer 8:
http://www.microsoft.com/downloads/details.aspx?familyid=1baf7e96-ba3e-47e7-8ea3-eb092e653a39

Windows Server 2008 for x64-based Systems (optionally with SP2) with
Windows Internet Explorer 8:
http://www.microsoft.com/downloads/details.aspx?familyid=7a4b755b-7fa0-43aa-8862-c1d0c7d94c2c

Windows 7 for 32-bit Systems with Windows Internet Explorer 8:
http://www.microsoft.com/downloads/details.aspx?familyid=89d1fb78-68cd-48dd-afc2-15a79ebe9fde

Windows 7 for x64-based Systems with Windows Internet Explorer 8:
http://www.microsoft.com/downloads/details.aspx?familyid=10d9f7ac-65f4-437c-91cc-171632c69b0e

Windows Server 2008 R2 for x64-based Systems with Windows Internet
Explorer 8:
http://www.microsoft.com/downloads/details.aspx?familyid=f50307d6-7869-4996-9ff7-23f87d08994b

Windows Server 2008 R2 for Itanium-based Systems with Windows
Internet Explorer 8:
http://www.microsoft.com/downloads/details.aspx?familyid=9b6a28ae-b3f2-42b0-8209-e3950ec37abb

PROVIDED AND/OR DISCOVERED BY:
1) The vendor credits SkyLined of Google Inc.
2) The vendor credits Mark Dowd, Ryan Smith, and David Dewey.
3) The vendor credits TippingPoint and the Zero Day Initiative.
4) The vendor credits Sam Thomas of eshu.co.uk, working with
TippingPoint and the Zero Day Initiative.

ORIGINAL ADVISORY:
Microsoft (KB974455):
http://www.microsoft.com/technet/security/bulletin/ms09-054.mspx

http://blogs.technet.com/srd/archive/2009/10/12/ms09-054.aspx

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

----------------------------------------------------------------------