The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Internet Explorer: multiple vulnerabilities

Synthesis of the vulnerability 

An attacker can invite the victim to display a malicious site with Internet Explorer, in order to execute code on his computer.
Impacted products: IE, Windows 2003, Windows 2008 R0, Windows 2008 R2, Windows 7, Windows Vista, Windows XP.
Severity of this bulletin: 4/4.
Number of vulnerabilities in this bulletin: 4.
Creation date: 24/09/2012.
Références of this threat: 2744842, BID-55641, BID-55645, BID-55646, BID-55647, CERTA-2012-AVI-516-001, CVE-2012-1529, CVE-2012-2546, CVE-2012-2548, CVE-2012-2557, MS12-063, VIGILANCE-VUL-11967, ZDI-12-198, ZDI-12-200, ZDI-13-007.

Description of the vulnerability 

Several vulnerabilities were announced in Internet Explorer.

An attacker can use the OnMove event, in order to force Internet Explorer to use a freed memory area, which corrupts the memory. [severity:4/4; BID-55641, CVE-2012-1529]

An attacker can use an event, in order to force Internet Explorer to use a freed memory area, which corrupts the memory. [severity:4/4; BID-55645, CVE-2012-2546]

An attacker can change the layout, in order to force Internet Explorer to use a freed memory area, which corrupts the memory. [severity:4/4; BID-55646, CVE-2012-2548, ZDI-12-200, ZDI-13-007]

An attacker can clone a node, in order to force Internet Explorer to use a freed memory area, which corrupts the memory. [severity:4/4; BID-55647, CVE-2012-2557, ZDI-12-198]

An attacker can therefore invite the victim to display a malicious site with Internet Explorer, in order to execute code on his computer.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This security vulnerability impacts software or systems such as IE, Windows 2003, Windows 2008 R0, Windows 2008 R2, Windows 7, Windows Vista, Windows XP.

Our Vigil@nce team determined that the severity of this computer weakness bulletin is critical.

The trust level is of type confirmed by the editor, with an origin of document.

This bulletin is about 4 vulnerabilities.

An attacker with a expert ability can exploit this security note.

Solutions for this threat 

Windows, IE: patch.
A patch is available:
Windows XP SP3
  Internet Explorer 6
    http://www.microsoft.com/downloads/details.aspx?FamilyID=967c9ef3-db48-4c2f-9a67-87851fd54962
  Internet Explorer 7
    http://www.microsoft.com/downloads/details.aspx?FamilyID=6ba78d4c-3657-4963-b2da-7a3763c6b5c9
  Internet Explorer 8
    http://www.microsoft.com/downloads/details.aspx?familyid=ac71ffe3-f077-4753-a238-47a2e9623363
Windows XP x64 SP2
  Internet Explorer 6
    http://www.microsoft.com/downloads/details.aspx?FamilyID=020b36c6-7050-4458-8762-bae35eb713cd
  Internet Explorer 7
    http://www.microsoft.com/downloads/details.aspx?FamilyID=1e2e412a-be97-407e-9f02-fc074db3bb07
  Internet Explorer 8
    http://www.microsoft.com/downloads/details.aspx?familyid=c727d956-be3e-4cd2-913c-f26cb6c33227
Windows 2003 SP2
  Internet Explorer 6
    http://www.microsoft.com/downloads/details.aspx?FamilyID=7aaaa15b-87d8-4afc-b183-8ce5becda026
  Internet Explorer 7
    http://www.microsoft.com/downloads/details.aspx?FamilyID=aef34ce4-a6ce-4f5e-9892-0a7fbd90c3b4
  Internet Explorer 8
    http://www.microsoft.com/downloads/details.aspx?familyid=d63e25ad-ab8c-425f-89cd-29cd2b7b69d6
Windows 2003 x64 SP2
  Internet Explorer 6
    http://www.microsoft.com/downloads/details.aspx?FamilyID=366feacb-16ad-455c-b2ad-5038f998c432
  Internet Explorer 7
    http://www.microsoft.com/downloads/details.aspx?FamilyID=baa47c53-2724-43ef-8590-d3733b47e75b
  Internet Explorer 8
    http://www.microsoft.com/downloads/details.aspx?familyid=84144e56-f653-4c92-bf49-d44d9ba10489
Windows 2003 Itanium SP2
  Internet Explorer 6
    http://www.microsoft.com/downloads/details.aspx?FamilyID=c28d6dc3-c2f0-4505-a545-85b7a0e3e2dc
  Internet Explorer 7
    http://www.microsoft.com/downloads/details.aspx?FamilyID=86c28695-86a5-4c17-82d6-7f98b3162aa6
Windows Vista SP2
  Internet Explorer 7
    http://www.microsoft.com/downloads/details.aspx?FamilyID=053546fc-ed41-43c2-b4f2-b76334314f5c
  Internet Explorer 8
    http://www.microsoft.com/downloads/details.aspx?familyid=0a5a446d-0a48-4eec-b424-87339b34a3be
  Internet Explorer 9
    http://www.microsoft.com/downloads/details.aspx?familyid=daba1ef1-62db-43db-9d5b-495aa2d3550f
Windows Vista x64 SP2
  Internet Explorer 7
    http://www.microsoft.com/downloads/details.aspx?FamilyID=cbe5681b-c28e-4a6a-9b97-0bfe44acf077
  Internet Explorer 8
    http://www.microsoft.com/downloads/details.aspx?familyid=5642136e-68f6-42e8-b48e-1549733c6e7d
  Internet Explorer 9
    http://www.microsoft.com/downloads/details.aspx?familyid=aae496ef-fca2-4632-9a8f-2108722d2b28
Windows Server 2008 32-bit SP2
  Internet Explorer 7
    http://www.microsoft.com/downloads/details.aspx?FamilyID=df861b42-bcf2-4f7a-9019-f49e6725f5dc
  Internet Explorer 8
    http://www.microsoft.com/downloads/details.aspx?familyid=1d4f0f25-9539-4c38-babb-4af7f0f4c6cf
  Internet Explorer 9
    http://www.microsoft.com/downloads/details.aspx?familyid=0b2965d7-e0b2-4035-a9e4-f6badb389098
Windows Server 2008 x64 SP2
  Internet Explorer 7
    http://www.microsoft.com/downloads/details.aspx?FamilyID=fa9878c0-b7e5-43ac-b1eb-679e62cf62fc
  Internet Explorer 8
    http://www.microsoft.com/downloads/details.aspx?familyid=10bab7d4-0dd8-4fa7-b26c-715a68553707
  Internet Explorer 9
    http://www.microsoft.com/downloads/details.aspx?familyid=612a94ef-0950-41e8-9875-a8f0e71eba6f
Windows Server 2008 Itanium SP2
  Internet Explorer 7
    http://www.microsoft.com/downloads/details.aspx?FamilyID=ded887a4-a06d-4447-b19d-19d0f4928523
Windows 7 for 32-bit Gold, SP1
  Internet Explorer 8
    http://www.microsoft.com/downloads/details.aspx?familyid=93591461-39ff-4cbd-8df3-88cb80ed6255
  Internet Explorer 9
    http://www.microsoft.com/downloads/details.aspx?familyid=b303f86a-df17-4961-b677-0c38bd6a86d3
Windows 7 for x64 Gold, SP1
  Internet Explorer 8
    http://www.microsoft.com/downloads/details.aspx?familyid=e2083388-19a9-4754-9449-1dad2a7f7543
  Internet Explorer 9
    http://www.microsoft.com/downloads/details.aspx?familyid=01045ee2-c7c4-4078-969f-905fd7e8774f
Windows Server 2008 R2 x64 Gold, SP1
  Internet Explorer 8
    http://www.microsoft.com/downloads/details.aspx?familyid=d46ec8ea-b8c8-42d9-a201-f36eb97b91b8
  Internet Explorer 9
    http://www.microsoft.com/downloads/details.aspx?familyid=c44a0253-fefc-4ce6-9cfd-396fdea71f8d
Windows Server 2008 R2 Itanium Gold, SP1
  Internet Explorer 8
    http://www.microsoft.com/downloads/details.aspx?familyid=c132173b-f869-47ec-bb70-6307081473fe
The Microsoft announce indicates workarounds.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

Computer vulnerabilities tracking service 

Vigil@nce provides systems vulnerabilities patches. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system.