• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Microsoft Internet Explorer Content Advisor File Handling Buffer Overflow Vulnerability

Solution:
Microsoft has released updates to address this vulnerability on supported platforms.

Internet Explorer 6 for Windows Server 2003 SP 1 including 64-Bit Edition is not affected by this issue. Windows XP Professional x64 Edition is also not affected.

Microsoft has released fixes for Windows 98, Windows 98 Second Edition, and Windows Millennium Edition. These updates are available from the Windows Update Web site:

http://go.microsoft.com/fwlink/?LinkId=21130

Localized Slovenian and Slovakian fixes are available for Windows 98, Windows 98 Second Edition, and Windows Millennium Edition as well. Please see the referenced Microsoft bulletin for more information.


Microsoft Internet Explorer 6.0 SP1

• Microsoft Cumulative Security Update for Internet Explorer 6 Service Pack 1 for Windows XP & 2000 (KB890923)
  Fix for Windows 2000 Service Pack 3, Windows 2000 Service Pack 4, and Windows XP Service Pack 1.
  http://www.microsoft.com/downloads/details.aspx?familyid=92E5A83D-9131 -4B20-915A-A444C51656DC&displaylang=en


• Microsoft Cumulative Security Update for Internet Explorer 6 SP1 64-bit Edition (KB890923)
  Fix for Windows XP Service Pack 1 (64-Bit Edition).
  http://www.microsoft.com/downloads/details.aspx?familyid=87241BC0-E1E9 -4EFC-A6EC-5413119D3100&displaylang=en

Microsoft Internet Explorer 6.0 SP2 - do not use

• Microsoft Cumulative Security Update for Internet Explorer for XP Service Pack 2 (KB890923)
  Fix for Windows XP Service Pack 2.
  http://www.microsoft.com/downloads/details.aspx?familyid=974F9611-6352 -4F9C-B258-346C317857C5&displaylang=en

Microsoft Internet Explorer 6.0

• Microsoft Cumulative Security Update for Internet Explorer for Windows Server 2003 (KB890923)
  Fix for Windows Server 2003.
  http://www.microsoft.com/downloads/details.aspx?familyid=88879B7A-3F4D -40D4-ADFD-4BBD8D4D865F&displaylang=en


• Microsoft Cumulative Security Update for Internet Explorer for Windows Server 2003 64-bit Edition (KB890923)
  Fix for Windows Server 2003 64-Bit Edition and Windows XP 64-Bit Edition Version 2003.
  http://www.microsoft.com/downloads/details.aspx?familyid=FF80E80F-862A -4484-BC9D-FE05F966F1F4&displaylang=en

Microsoft Internet Explorer 5.0.1 SP3

• Microsoft Cumulative Security Update for Internet Explorer 5.01 for Windows 2000 Service Pack 3 (KB890923)
  Fix for Windows 2000 Service Pack 3.
  http://www.microsoft.com/downloads/details.aspx?familyid=6CF45449-03D8 -40B8-A4C0-09F413EE8EAB&displaylang=en

Microsoft Internet Explorer 5.0.1 SP4

• Microsoft Cumulative Security Update for Internet Explorer 5.01 for Windows 2000 Service Pack 4 (KB890923)
  Fix for Windows 2000 Service Pack 4.
  http://www.microsoft.com/downloads/details.aspx?familyid=627F8991-7717 -4ADE-A5AE-169591B6AAE0&displaylang=en