Go to the Softpedia homepage


NEWS CATEGORIES:



NEWS ARCHIVE >>
SOFTPEDIA REVIEWS >>
Home / News / Microsoft / Patches and Vulnerabilities

Patches and Vulnerabilities

Patches Available for IE7 on XP SP3 and Vista SP1

Along with additional IE versions

By Marius Oiaga, Technology News Editor

11th of June 2008, 10:11 GMT

Adjust text size:


Internet Explorer 7
Enlarge picture
New patches are available from Microsoft via Windows Update, designed to resolve security vulnerabilities in various versions of the Internet Explorer browser. Internet Explorer 5.01 SP4, Internet Explorer 6, and Internet Explorer 7 running on Windows 2000 SP4, Windows Server 2003, Windows XP and Windows Vista are all affected. The Microsoft Security Bulletin MS08-031 comes with a severity rating of Critical, and it plugs a private and a publicly disclosed hole. IE6 and IE7 running on Windows XP Service Pack 3 as well as IE7 running on Windows Vista Service Pack 1
contain a Critical HTML Objects Memory Corruption vulnerability which is taken care of via the IE Cumulative Security Update for June 2008.

"The security update is rated Critical for Internet Explorer 6 Service Pack 1; Internet Explorer 6 on supported versions of Windows XP; and Internet Explorer 7 on supported versions of Windows XP and Windows Vista. The security update is rated Important for Internet Explorer 5.01 on Microsoft Windows 2000 Service pack 4, and Moderate for all other supported releases of Internet Explorer 6," explained Terry McCoy, Program Manager Internet Explorer Security.

In the eventuality of a successful exploit targeting the HTML Objects Memory Corruption flaw, an attacker could gain complete control over an affected system, and perform remote code execution. The second vulnerability is less severe. The Request Header Cross-Domain Information Disclosure hole only allows for information disclosure. In this context, the HTML Objects Memory Corruption vulnerability poses the greatest risk to end users even in the context of XP SP3 and Vista SP1.

"A remote code execution vulnerability exists in the way Internet Explorer displays a Web page that contains certain unexpected method calls to HTML objects. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user," Microsoft informed.

TAGS:

 IE7 | patch | Windows Vista SP1 | Windows XP SP3 | vulnerability


Rating:
Very Good (4.3/5) 3 vote(s) so far    

Read by 0 user(s) | Add comment | Link to this article
Subscribe to news | Print article | Send to friend

© Copyright 2001-2008 Softpedia
Contact:

 

 

SEARCH THE NEWS ARCHIVE :




Today's News | Yesterday's News | News Archive


MORE RELATED ARTICLES:


Installing Custom IE7 Optimized Packages on XP SP3 RTM

IE8 Beta 1 Attack Code Available in the Wild

IE7 on XP Outperforms Safari 3 on Mac OS X

Just Like Vista, IE8 Is in Danger of Being a Transition Product

Mozilla Wants Firefox 3.0 to Break All Software Download Records

IETester - IE8 Beta 1, IE7, IE6 and IE5.5 All into One

Firefox 3.0 to Drop on a Bleeding Internet Explorer

2 Million IE8 Beta 1 vs. Firefox 3.0

Until Beta 2 Drops, IE8 Beta 1 and IE7 Ignore the Firefox 3.0 Threat

User opinions:

No user comments yet.
Be the first to express your opinion using the form below!

Share your opinion:

Your Name:
Your Email Address:
(will not be used for commercial purposes)
Solve this to prove you're not a bot: =
Your review/opinion:

 






SUBMIT PROGRAM   |   ADVERTISE   |   GET HELP   |   SEND US FEEDBACK   |   RSS FEEDS   |   ENTER NEWS SITE   |   ENGLISH BOARD   |   ROMANIAN FORUM
© 2001 - 2008 Softpedia. All rights reserved.
Softpedia™ and the Softpedia™ logo are registered trademarks of SoftNews NET SRL.		 Copyright Information | Privacy Policy | Terms of Use | Update your software | Archive