Four security holes have been detected and patched in the world’s most
popular Web browser, Microsoft said on Wednesday,
warning that the vulnerabilities carry a ‘critical’ rating.
The security vulnerabilities in Microsoft’s flagship Internet Explorer
(IE) browser could allow an attacker to execute arbitrary code on a user’s
system if the user either browsed to a hostile web site or opened a
specially crafted HTML email message, the company warned.
On a day when it also warned of a ‘critical’ hole in its Outlook Express
e-mail client, the company issued a cumulative patch was issued for Internet
Explorer versions 5.01 through 6.0 and includes the functionality of all
previously released patches for the browser.
The first flaw — a buffer overrun vulnerability in URLMON.DLL — occurs
because the browser does not correctly check the parameters of information
being received from a web server. This leaves the door open for an attacker
to take control of a susceptible system by luring the user to visit a
Website.
Microsoft said a flaw in the Internet Explorer file upload control could
let an attacker supply a file name to the file upload control and
automatically upload a file from the user’s system to a web server.
The browser also contains a separate flaw in the way it handles the
rendering of third party files. “The vulnerability results because the
Internet Explorer method for rendering third party file types does not
properly check parameters passed to it. An attacker could create a specially
formed URL that would inject script during the rendering of a third party
file format and cause the script to execute in the security context of the
user,” Microsoft added.
The last hole was found in the way modal dialogs are treated by IE. This
flaw could be used by an attacker to gain access to files stored on a user’s
computer.
In addition to correcting those four flaws, Microsoft said the patch also
includes a fix for Internet Explorer 6.0 SP1 that corrects the method by
which the browser displays help information in the local computer zone.
The patch also sets the ‘Kill Bit’ on the Plugin.ocx ActiveX control
which has a security vulnerability.
Microsoft cautioned that the patch will cause window.showHelp( )
to cease to function if a user does not apply the HTML Help update.
“If you have installed the updated HTML Help control from Knowledge Base
article 811830, you will still be able to use HTML Help functionality after
applying this patch,” the company noted.
Separately, the software giant tagged the maximum severity rating on a cumulative patch for Outlook Express
versions 5.5 through 6.0 to fix a flaw that could allow an intruder to take
over a user’s machine.
To exploit the vulnerability, attacker would have to be able to cause
Windows to open a specially constructed MHTML URL, either on a web site or
included in an HTML email message.