TrendLabs Malware Blog
Glossary
TrendWatch
TrendLabs Twitter
(MS08-045) Cumulative Security Update for Internet Explorer (953838)
Vulnerability Identifier: CVE-2008-2254; CVE-2008-2255; CVE-2008-2256; CVE-2008-2257; CVE-2008-2258; CVE-2008-2259
Discovery Date: Aug 12, 2008
Risk: Critical
Affected Software:
  • Microsoft Internet Explorer 5.01 Service Pack 4
  • Microsoft Internet Explorer 6 (Microsoft Windows Server 2003 with SP1 for Itanium-based Systems)
  • Microsoft Internet Explorer 6 (Microsoft Windows Server 2003 with SP2 for Itanium-based Systems)
  • Microsoft Internet Explorer 6 (Microsoft Windows Server 2003 x64 Edition Service Pack 2)
  • Microsoft Internet Explorer 6 (Microsoft Windows Server 2003 x64 Edition)
  • Microsoft Internet Explorer 6 (Microsoft Windows XP Professional x64 Edition)
  • Microsoft Internet Explorer 6 (Microsoft Windows XP Service Pack 2)
  • Microsoft Internet Explorer 6 (Windows Server 2003 Service Pack 1)
  • Microsoft Internet Explorer 6 (Windows Server 2003 Service Pack 2)
  • Microsoft Internet Explorer 6 (Windows XP Professional x64 Edition Service Pack 2)
  • Microsoft Internet Explorer 6 (Windows XP Service Pack 2)
  • Microsoft Internet Explorer 6 (Windows XP Service Pack 3)
  • Microsoft Internet Explorer 6.0 Service Pack 1
  • Microsoft Internet Explorer 7 (Microsoft Windows Server 2003 Service Pack 1)
  • Microsoft Internet Explorer 7 (Microsoft Windows Server 2003 Service Pack 2)
  • Microsoft Internet Explorer 7 (Microsoft Windows Server 2003 with SP1 for Itanium-based Systems)
  • Microsoft Internet Explorer 7 (Microsoft Windows Server 2003 with SP2 for Itanium-based Systems)
  • Microsoft Internet Explorer 7 (Microsoft Windows XP Professional x64 Edition Service Pack 2)
  • Microsoft Internet Explorer 7 (Microsoft Windows XP Professional x64 Edition)
  • Microsoft Internet Explorer 7 (Microsoft Windows XP Service Pack 2)
  • Microsoft Internet Explorer 7 (Windows Server 2008 for 32-bit Systems)
  • Microsoft Internet Explorer 7 (Windows Server 2008 for Itanium-based Systems)
  • Microsoft Internet Explorer 7 (Windows Server 2008 for x64-based Systems)
  • Microsoft Internet Explorer 7 (Windows Vista Service Pack 1)
  • Microsoft Internet Explorer 7 (Windows Vista x64 Edition Service Pack 1)
  • Microsoft Internet Explorer 7 (Windows Vista x64 Edition)
  • Microsoft Internet Explorer 7 (Windows Vista)
  • Microsoft Internet Explorer 7 (Windows XP Service Pack 3)
Description:

This security update resolves vulnerabilities which could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users configured to have fewer administrative privileges could be less impacted than users who operate with full administrative user rights.


Patch Information:

Patches for this vulnerability can be downloaded on this Microsoft Web page.


Workaround Fixes:

Microsoft recommends to disable attempts to instantiate a COM object in Internet Explorer by setting the kill bit for the control in the registry. Also, Internet Explorer may be configured to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone. Adding sites that you trust to the Internet Explorer Trusted sites zone is also suggested. It is highly advised to read e-mail messages in plain text format in Microsoft Outlook 2002 or a later version, or Outlook Express 6 SP1 or a later version, to help protect against the HTML e-mail attack vector.

Patches for this vulnerability can be downloaded on this Microsoft Web page.
 
Search for another Security Advisory
Keyword: