Home / vulnerabilitiesPDF  

TA10-021A.txt

Posted on 22 January 2010
Source : packetstormsecurity.org Link

 


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


National Cyber Alert System

Technical Cyber Security Alert TA10-021A


Microsoft Internet Explorer Vulnerabilities

Original release date:
Last revised: --
Source: US-CERT


Systems Affected

* Microsoft Internet Explorer


Overview

Microsoft has released out-of-band updates to address critical
vulnerabilities in Internet Explorer.


I. Description

Microsoft has released updates for multiple vulnerabilities in
Internet Explorer, including the vulnerability detailed in
Microsoft Security Advisory 979352 and US-CERT Vulnerability Note
VU#49251.


II. Impact

By convincing a user to view a specially crafted HTML document or
Microsoft Office document, an attacker may be able to execute
arbitrary code with the privileges of the user.


III. Solution

Apply updates

Microsoft has released updates to address these vulnerabilities.
Please see Microsoft Security Bulletin MS10-002 for more
information.

Apply workarounds

Microsoft has provided workarounds for some of the vulnerabilities
in MS10-002.


IV. References

* Microsoft Security Bulletin MS10-002 -
<http://www.microsoft.com/technet/security/bulletin/ms10-002.mspx>

* Microsoft Security Advisory 979352 -
<http://www.microsoft.com/technet/security/advisory/979352.mspx>

* US-CERT Vulnerability Note VU#49251 -
<http://www.kb.cert.org/vuls/id/492515>

____________________________________________________________________

The most recent version of this document can be found at:

<http://www.us-cert.gov/cas/techalerts/TA10-021A.html>
____________________________________________________________________

Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "TA10-021A Feedback VU#49251" in
the subject.
____________________________________________________________________

For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
____________________________________________________________________

Produced 2010 by US-CERT, a government organization.

Terms of use:

<http://www.us-cert.gov/legal.html>
____________________________________________________________________

Revision History

January 21, 2010: Initial release


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBS1i9/C/E9ke+6HGsAQJdMQgA0HJlKy01j6rUpcpU9VHnGgPv56akxzac
YQIWL0n3ggsc6EKcDM6Nnes6+VXFuZyNuzw16S2sTSh13PLjRiAdEtM3a5k/TDrX
LdUEzipjYnXm0jn7EwGpoxNOHFI1fIaQhnQuWhM9S3Ri4lClROl0NZSAJnjIy7sU
UiTuIkN2x/nTmYwgVXX4bczRFStgcqkcv16BHIChXqHO/zOGK0ACO/b8oG0zIHPg
rEsvPy86M7v5LCNGGf6+H3bkcwjoWEOcPuXhpQkJT7BDWsz8F+kUCvCdMbbmTFzZ
d0cdSCKyS7Wo9iBGBmD8R84GIALwnTyRdr9QtiFlA4UWOScV/7JFQQ==
=L4w6
-----END PGP SIGNATURE-----

 

TOP

Malware :

Exploits :