• info
• discussion
• exploit
• solution
• references

Microsoft Internet Explorer COM Object Instantiation Code Execution Vulnerability

Solution:
Microsoft has released an advisory to address this and other issues in supported versions of the affected application.

Some reports indicate that this issue was not properly addressed by Microsoft; third-party COM objects could still be used to exploit this issue. Symantec could not confirm this. Please see the references for more information.

MS06-042 has been reissued to address a vulnerability introduced with the previous fixes. Please see BID 19667 (Microsoft Internet Explorer HTTP 1.1 and Compression Long URI Buffer Overflow Vulnerability) for further information on this issue.

Microsoft Security Bulletin MS06-042 has been updated to address a flaw in Mshtml.dll that was introduced in the previous fixes. Please see the referenced advisory for more information.


Microsoft Internet Explorer 6.0 SP1

• Microsoft Cumulative Update for Internet Explorer 6 SP1 (KB918899)
  Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4 or on Microsoft Windows XP Service Pack 1
  http://www.microsoft.com/downloads/details.aspx?FamilyId=C335CAA9-B9E6 -403D-A039-2D3DCA723653


• Microsoft Cumulative Update for Internet Explorer for Windows Server 2003 x64 Edition (KB918899)
  Internet Explorer 6 for Microsoft Windows Server 2003 x64 Edition
  http://www.microsoft.com/downloads/details.aspx?familyid=5C2A23AC-3F2E -4BEC-BE16-4B45B44C6346


• Microsoft Cumulative Update for Internet Explorer for Windows XP x64 Edition (KB918899)
  Internet Explorer 6 for Microsoft Windows XP Professional x64 Edition
  http://www.microsoft.com/downloads/details.aspx?familyid=0CE7F66D-4D83 -4090-A034-9BBE286D96FA

Microsoft Internet Explorer 6.0

• Microsoft Cumulative Update for Internet Explorer for Windows Server 2003 (KB918899)
  Internet Explorer 6 for Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
  http://www.microsoft.com/downloads/details.aspx?familyid=20288DA2-A308 -45C6-BD80-C68C997529BD


• Microsoft Cumulative Update for Internet Explorer for Windows Server 2003 64-bit Itanium Edition (KB918899)
  Internet Explorer 6 for Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
  http://www.microsoft.com/downloads/details.aspx?familyid=663F1E83-BDC0 -4EC6-A263-398E7222C9B5


• Microsoft Cumulative Update for Internet Explorer for Windows Server 2003 x64 Edition (KB918899)
  Internet Explorer 6 for Microsoft Windows Server 2003 x64 Edition
  http://www.microsoft.com/downloads/details.aspx?familyid=5C2A23AC-3F2E -4BEC-BE16-4B45B44C6346


• Microsoft Cumulative Update for Internet Explorer for Windows XP Service Pack 2 (KB918899)
  Internet Explorer 6 for Microsoft Windows XP Service Pack 2
  http://www.microsoft.com/downloads/details.aspx?familyid=CDB85BCA-0C17 -44AA-B74E-F01B5392BB31


• Microsoft Cumulative Update for Internet Explorer for Windows XP x64 Edition (KB918899)
  Internet Explorer 6 for Microsoft Windows XP Professional x64 Edition
  http://www.microsoft.com/downloads/details.aspx?familyid=0CE7F66D-4D83 -4090-A034-9BBE286D96FA

Microsoft Internet Explorer 5.0.1 SP4

• Microsoft Cumulative Update for Internet Explorer 5.01 Service Pack 4 (KB918899)
  Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4
  http://www.microsoft.com/downloads/details.aspx?familyid=0DE3F143-19A6 -4F22-B53B-B6A7DA33DAF4