Internet Explorer Multiple Vulnerabilities: Multiple vulnerabilities and a weakness have been reported in Internet Explorer, which can be exploited by malicious people to conduct cross-site scripting attacks, disclose sensitive information, or compromise a user's system.
Other Types Of Vulnerabilities:
- 1) A combination of cross-origin content inclusion being allowed and the manner in which the CSS parser is fault-tolerant when processing content can be exploited to obtain sensitive information from a web page in another domain by injecting certain data into the page and then importing it as a style sheet.
- 2) An error in the Auto-Complete feature can be exploited to capture content entered into form fields via scripted instructions when a user visits a specially crafted web page.
Note: Successful exploitation requires that the Auto-Complete feature is enabled.
- 3) An unspecified error in the "toStaticHTML" API when sanitising HTML code can be exploited to execute arbitrary HTML and script code in the user's browser session in context of a targeted site.
- 4) An unspecified error in the "toStaticHTML" API when sanitising HTML code can be exploited to execute arbitrary HTML and script code in the user's browser session in context of a web site that that includes specially crafted content.
- 5) An error when attempting to access an uninitialised or deleted object can be exploited to corrupt memory and execute arbitrary code when a user visits a specially crafted web page.
- 6) An unspecified error in the handling of anchor elements can lead to potentially sensitive information being left in HTML content.
- 7) A use-after-free error within the "CAttrArray::PrivateFind" function in mshtml.dll can be exploited to corrupt memory and execute arbitrary code when a user visits a specially crafted web page.
- 8) An error when attempting to access an uninitialised or deleted object can be exploited to corrupt memory and execute arbitrary code when a user closes a specially crafted document opened in Microsoft Word.
- 9) An unspecified error can be exploited to disclose content from another domain when a user visits a specially crafted web site.
- 10) An error when attempting to access an uninitialised or deleted object can be exploited to corrupt memory and execute arbitrary code when a user closes a specially crafted document opened in Microsoft Word.
Solution:
Update Your Internet Explorer To Latest Version And Apply Patches From Microsoft
Reference:
Original Advisory:
Other Pages:
