Check Point Advisories

Update Protection against Microsoft Internet Explorer Memory Corruption Vulnerabilities (MS06-042)

Check Point Reference: CPAI-2006-112
Date Published: 11 Oct 2006
Severity: High
Last Updated: Thursday 03 May, 2007
Source: Microsoft Security Bulletin MS06-042
Industry Reference:

CVE-2006-3638
CVE-2006-3451

Protection Provided by:
Who is Vulnerable? Microsoft Internet Explorer 5.01 SP4 on Microsoft Windows 2000 SP4
Microsoft Internet Explorer 6 SP1 on Microsoft Windows 2000 SP4
Microsoft Internet Explorer 6 SP1 on Microsoft Windows XP SP1
Microsoft Internet Explorer 6 for Microsoft Windows XP SP2
Microsoft Internet Explorer 6 for Microsoft Windows Server 2003
Microsoft Internet Explorer 6 for Microsoft Windows Server 2003 SP1
Microsoft Internet Explorer 6 for Microsoft Windows Server 2003 (Itanium)
Microsoft Internet Explorer 6 for Microsoft Windows Server 2003 SP1 (Itanium)
Microsoft Internet Explorer 6 for Microsoft Windows Server 2003 x64 Edition
Microsoft Internet Explorer 6 for Microsoft Windows XP Professional x64 Edition
Vulnerability Description Microsoft Internet Explorer is prone to multiple memory corruption vulnerabilities. The application fails to properly handle un-initialized COM objects and chained Cascading Style Sheets (CSS). This flaw allows attackers to cause denial of service and possibly to execute arbitrary code by convincing a user to open a maliciously crafted HTML file that causes memory corruption when it is viewed with Internet Explorer.
Update/Patch AvaliableApply patches:
Microsoft Security Bulletin MS06-042
Vulnerability DetailsCVE-2006-3638: The memory corruption vulnerability is due to the way that Internet Explorer handles COM objects that are not intended to be instantiated in it.
CVE-2006-3451: The vulnerability occurs when a user attempts to import multiple style sheets to construct a chain of Cascading Style Sheets (CSS).
An attacker can trigger these flaws by convincing a user to view a specially crafted HTML document. Successful exploitation could result in the crashing of the victim's Web browser, once the malicious page is loaded.

Protection Overview

×
  Feedback
This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.
OK