
UNIRAS ALERT - 23/05 - Microsoft - Vulnerability in Internet Explorer




- --------------------------------------------------------------------------------
 UNIRAS (UK Government CERT) ALERT - 23/05 dated 22.11.05  Time: 06:55
 UNIRAS is part of NISCC (National Infrastructure Security Co-ordination Centre)
- --------------------------------------------------------------------------------
 UNIRAS material is also available from its website at www.uniras.gov.uk
 Information about NISCC is available from www.niscc.gov.uk
- --------------------------------------------------------------------------------

Title
=====

Vulnerability in Internet Explorer

Impact
======

Maliciously crafted web content could cause Internet Explorer to execute
code supplied by an attacker.

Detail
======

Proof-of-concept code has been released to exercise a vulnerability
originally disclosed in May 2005.  The vulnerability involves an
improperly initialized Windows object; it is reported to affect fully
patched versions of Internet Explorer 5.5 and 6.x running on
Microsoft Windows platforms.

UNIRAS has not, at the time of release of this alert, verified the
proof-of-concept example.

Mitigation
==========

Users may configure Internet Explorer to disable Active Scripting for
untrusted web sites.
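
One way to audit this mitigation on a Windows host, as an added example that
is not part of the UNIRAS alert. It assumes the standard Internet Explorer
security-zone registry layout (zones 3 and 4 for Internet and Restricted
sites, URL action 1400 for Active Scripting, data 3 meaning disabled); none
of these values are stated in the alert.

```powershell
# Added example: report the Active Scripting setting for the zones that
# hold untrusted sites. Assumed registry layout (not from the alert):
#   value name 1400 = "Active scripting"; 0 = enable, 1 = prompt, 3 = disable
$zones   = @{ 3 = 'Internet'; 4 = 'Restricted sites' }
$meaning = @{ 0 = 'Enabled'; 1 = 'Prompt'; 3 = 'Disabled' }
$suffix  = 'Microsoft\Windows\CurrentVersion\Internet Settings\Zones'

# Group Policy locations are listed first; when populated they take
# precedence over the per-user setting made in the Internet Options dialog.
$roots = [ordered]@{
    'Machine policy'  = "HKLM:\Software\Policies\$suffix"
    'User policy'     = "HKCU:\Software\Policies\$suffix"
    'User setting'    = "HKCU:\Software\$suffix"
    'Machine default' = "HKLM:\Software\$suffix"
}

function Get-ActiveScriptingState {
    foreach ($zone in ($zones.Keys | Sort-Object)) {
        $found = $false
        foreach ($source in $roots.Keys) {
            $path = Join-Path $roots[$source] "$zone"
            $item = Get-ItemProperty -Path $path -Name '1400' -ErrorAction SilentlyContinue
            if ($null -eq $item) { continue }   # key or value absent here
            $found = $true
            $value = [int]$item.'1400'
            $state = $meaning[$value]
            if ($null -eq $state) { $state = "Unknown ($value)" }
            [pscustomobject]@{
                Zone      = $zones[$zone]
                Source    = $source
                Setting   = $state
                Mitigated = ($value -eq 3)      # only "Disabled" counts
            }
        }
        if (-not $found) {
            # No explicit value anywhere: treat as not mitigated and flag it.
            [pscustomobject]@{
                Zone = $zones[$zone]; Source = 'None'
                Setting = 'Not set'; Mitigated = $false
            }
        }
    }
}

Get-ActiveScriptingState | Format-Table -AutoSize
```

Rows with Mitigated = False in the Internet or Restricted sites zone
identify hosts where the mitigation has not been applied.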

References
==========

Microsoft Internet Explorer "window()" Arbitrary Code Execution
Vulnerability
http://secunia.com/advisories/15546

- --------------------------------------------------------------------------------
For additional information or assistance, please contact the UNIRAS Help
Desk by e-mail or telephone. Not Protectively Marked information may be
sent via e-mail to uniras@xxxxxxxxxxxx

Office Hours:
Mon - Fri: 08:30 - 17:00 Hrs
Tel: +44 (0) 20 7821 1330 Ext 4511
Fax: +44 (0) 20 7821 1686

Outside of Office Hours:
Tel: +44 (0) 20 7821 1330 and follow the prompts to speak to the duty officer

- --------------------------------------------------------------------------------
UNIRAS wishes to acknowledge the contributions of Secunia for the information
contained in this Briefing.
- --------------------------------------------------------------------------------

This Alert contains the information released by the original author.
Some of the information may have changed since it was released. If the
vulnerability affects you, it may be prudent to retrieve the advisory
from the canonical site to ensure that you receive the most current
information concerning that problem.

Reference to any specific commercial product, process, or service by
trade name, trademark, manufacturer, or otherwise, does not constitute or
imply its endorsement, recommendation, or favouring by UNIRAS or NISCC.
The views and opinions of authors expressed within this notice shall
not be used for advertising or product endorsement purposes.

Neither UNIRAS nor NISCC shall accept responsibility for any errors or
omissions contained within this briefing notice. In particular, they
shall not be liable for any loss or damage whatsoever, arising from or
in connection with the usage of information contained within this notice.

UNIRAS is a member of the Forum of Incident Response and Security Teams
(FIRST) and has contacts with other international incident response
teams in order to foster cooperation and coordination in incident
prevention, to prompt rapid reaction to incidents, and to promote
information sharing amongst its members and the community at large.
- --------------------------------------------------------------------------------
<End of UNIRAS Alert>

______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________