# Highly Critical! Update Your Internet Explorer Now!



## jgvernonco (Sep 13, 2003)

Microsoft Internet Explorer Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA12192

VERIFY ADVISORY:
http://secunia.com/advisories/12192/

CRITICAL:
Highly critical

IMPACT:
DoS, System access

WHERE:
From remote

SOFTWARE:
Microsoft Internet Explorer 5.01
http://secunia.com/product/9/
Microsoft Internet Explorer 6
http://secunia.com/product/11/
Microsoft Internet Explorer 5.5
http://secunia.com/product/10/

DESCRIPTION:
Microsoft has issued an update for Internet Explorer. This fixes
three vulnerabilities, allowing malicious websites to cause a DoS
(Denial of Service) or compromise a user's system.

1) An error can be exploited to bypass the zone restrictions in
Internet Explorer.

For more information:
SA11793

2) An integer signedness error within the handling of BMP images can
be exploited to execute arbitrary code. This vulnerability has
already been fixed in prior service packs for Internet Explorer. 

3) A boundary error within the handling of GIF images can reportedly
be exploited to execute arbitrary code on a vulnerable system.

SOLUTION:
Microsoft has released updates:

Internet Explorer 5.01 requires Service Pack 2:
http://www.microsoft.com/downloads/...EF-076B-43C4-8028-E91FCFAB252B&displaylang=en

Internet Explorer 5.01 requires Service Pack 3:
http://www.microsoft.com/downloads/...1D-7350-43F8-B72E-ED9D62577A60&displaylang=en

Internet Explorer 5.01 requires Service Pack 4:
http://www.microsoft.com/downloads/...14-821A-4C51-985B-C3958FAD3D4C&displaylang=en

Internet Explorer 5.5 requires Service Pack 2:
http://www.microsoft.com/downloads/...0C-93F6-454A-A663-FC187C18CD9B&displaylang=en

Internet Explorer 6:
http://www.microsoft.com/downloads/...85-F19F-4B50-A75F-7636D8BEE576&displaylang=en

Internet Explorer 6 requires Service Pack 1:
http://www.microsoft.com/downloads/...85-F19F-4B50-A75F-7636D8BEE576&displaylang=en

Internet Explorer 6 requires Service Pack 1 (64-Bit Edition):
http://www.microsoft.com/downloads/...0D-9E3B-4B44-BD65-C8D37A0DD62D&displaylang=en

Internet Explorer 6 for Windows Server 2003:
http://www.microsoft.com/downloads/...D9-C66A-4608-8DBE-2492B4AFBC3B&displaylang=en

Internet Explorer 6 for Windows Server 2003 (64-Bit Edition):
http://www.microsoft.com/downloads/...A9-71D3-48F7-BB32-F8A4D36C5FB9&displaylang=en

ORIGINAL ADVISORY:
http://www.microsoft.com/technet/security/bulletin/ms04-025.mspx

OTHER REFERENCES:
SA11793:
http://secunia.com/advisories/11793


----------

