Multiple vulnerabilities have been identified in Microsoft Internet Explorer, which could be exploited by remote attackers to cause a denial of service or take complete control of an affected system.
The first issue is caused by a memory corruption error when processing specially crafted Web pages with certain HTML layout combinations, which could be exploited by attackers to crash an affected browser or execute arbitrary code via a malicious web page.
The second vulnerability is caused by a memory corruption error when calling the property method, which could be exploited by remote attackers to crash an affected browser or execute arbitrary code by tricking a user into visiting a malicious web page.
The third issue is caused by a memory corruption error in the "dxtmsft.dll" ActiveX control when handling certain images, which could be exploited by attackers to crash an affected browser or execute arbitrary code via a malicious web page.
The fourth vulnerability is caused by memory corruption errors when using the "Foxtlib.ocx" and "Fpole.ocx" ActiveX controls, which could be exploited by remote attackers to crash an affected browser or execute arbitrary code by tricking a user into visiting a malicious web page.
Credits
Vulnerabilities reported by Shane Macaulay and Riley Hassell (Security Objectives), ZDI, hyy, iDefense Labs, and Venustech (ADLABS).
ChangeLog
2008-02-12 : Initial release
Vulnerability Management
Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.
French
