• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Microsoft Internet Explorer COM Object Instantiation Variant Vulnerability

Solution:
Microsoft has released fixes to address supported version of the software. Fixes for Internet Explorer on Windows 98/98SE/ME may be obtained through Windows Update.

Avaya has released advisory ASA-2005-214 to state which Avaya products are affected by The October 2005 release of Microsoft Windows security updates. Please see the referenced advisory for further information.

Nortel Networks has released a technical support bulletin (2005006318) regarding this and other issues for their Centrex IP Client Manager (CICM). They report the vulnerabilities will be fixed in the upcoming 2.5, 7.0 and 8.0 maintenance releases. Please see the referenced bulletin for further information.

Nortel Networks has released a technical support bulletin (2005006317) regarding this issue for CallPilot. Users are advised to contact Nortel for further information.


Microsoft Internet Explorer 6.0 SP1

• Microsoft Cumulative Update for Internet Explorer 6 SP1 (KB896688)
  http://www.microsoft.com/downloads/details.aspx?familyid=8F638D4A-670D -46C7-A7A1-1D1E3DC9732F&displaylang=en

Microsoft Internet Explorer 6.0 SP2 - do not use

• Microsoft Cumulative Update for Internet Explorer for Windows XP Service Pack 2 (KB896688)
  http://www.microsoft.com/downloads/details.aspx?familyid=41CCCA21-5010 -49FF-A2DD-CB365F6FD3C5&displaylang=en

Microsoft Internet Explorer 6.0

• Microsoft Cumulative Update for Internet Explorer for Windows Server 2003 (KB896688)
  http://www.microsoft.com/downloads/details.aspx?familyid=4739846F-C35D -4C62-8E1A-60E01F3B3A59&displaylang=en


• Microsoft Cumulative Update for Internet Explorer for Windows Server 2003 64-bit Itanium Edition (KB896688)
  http://www.microsoft.com/downloads/details.aspx?familyid=44F43899-E897 -4495-A4F1-73A4D48E001A&displaylang=en


• Microsoft Cumulative Update for Internet Explorer for Windows Server 2003 x64 Edition (KB896688)
  http://www.microsoft.com/downloads/details.aspx?familyid=24846F0A-0530 -42D1-AC60-216C0260ACA3&displaylang=en


• Microsoft Cumulative Update for Internet Explorer for Windows XP x64 Edition (KB896688)
  http://www.microsoft.com/downloads/details.aspx?familyid=59575247-3E71 -4595-92B9-4E45F6D324EF&displaylang=en

Microsoft Internet Explorer 5.0.1 SP4

• Microsoft Cumulative Update for Internet Explorer 5.01 Service Pack 4 (KB896688)
  http://www.microsoft.com/downloads/details.aspx?familyid=B1F0216C-0D62 -4141-9DC7-3C7B06C3A30A&displaylang=en