Threat Level: green Handler on Duty: Russ McRee

SANS ISC: InfoSec Handlers Diary Blog - OOB Update for Internet Explorer MS10-018 InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

OOB Update for Internet Explorer MS10-018

Published: 2010-03-29
Last Updated: 2011-01-24 23:43:11 UTC
by Adrien de Beaupre (Version: 1)
2 comment(s)

Microsoft Security Bulletin MS10-018 - Critical

This update resolves 10 different vulnerabilities in Internet Explorer, of which the most severe impact can be execution of arbitrary code. All versions of IE from 5.01 to 8.0 are affected to varying degrees. Both servers and workstations should be updated. The update replaces MS10-002, and addresses the MS Advisory 981374 vulnerability. Time to patch! It is a cumulative update.

Here is a listing of the related vulnerabilities and CVE entries:
Uninitialized Memory Corruption Vulnerability - CVE-2010-0267   
Post Encoding Information Disclosure Vulnerability - CVE-2010-0488   
Race Condition Memory Corruption Vulnerability - CVE-2010-0489   
Uninitialized Memory Corruption Vulnerability - CVE-2010-0490   
HTML Object Memory Corruption Vulnerability - CVE-2010-0491   
HTML Object Memory Corruption Vulnerability - CVE-2010-0492   
HTML Element Cross-Domain Vulnerability - CVE-2010-0494   
Memory Corruption Vulnerability - CVE-2010-0805   
Uninitialized Memory Corruption Vulnerability - CVE-2010-0806   
HTML Rendering Memory Corruption Vulnerability - CVE-2010-0807

http://blogs.technet.com/msrc/archive/2010/03/30/security-bulletin-ms10-018-released.aspx

Cheers,
Adrien de Beaupré
Intru-shun.ca Inc.

2 comment(s)
Diary Archives